Install DavMail as an Exchange gateway on uberspace 7

Last Updated: 2021-10-10

If you want to use Thunderbird for your e-mails but the Exchange administrator thinks it is a good idea to disable IMAP, you can use DavMail as a standalone server to access your e-mails without the need for Outlook.

Download DavMail

Get the platform-independent, non-root package for the Server (shared) mode of the latest DavMail Gateway release. This can be used on uberspace 7 as a standalone server to act as a gateway between Thunderbird and the Exchange server. After downloading it, unzip the archive and move it to your (sub)domain root folder.

Make it accessible via WebSockets

To be able to connect to your DavMail instance, you have to configure an Apache web backend for your DavMail root folder. First, add the (sub)domain you want to use for it with:

uberspace web domain add sub.domain.tld

Then, you have to register a port on your uberspace server for each protocol you want DavMail to act as a gateway for, i.e., caldav, imap, ldap, pop, and smtp:

uberspace port add

This will randomly assign a port number to your uberspace account for you to use. If you are using a subdomain, create the appropriate DocumentRoot in /var/www/virtual/<uberspace>/sub.domain.tld (mind the permissions as explained in the uberspace manual!) and add a web backend for each port with:

uberspace web backend set sub.domain.tld --http --port $PORT

Configure DavMail to your needs (with uberspace)

Copy the config file from the DavMail homepage and change it according to your needs, i.e., at least set the base Exchange OWA or EWS URL, the listener ports, the log file path, and the SSL configuration of the DavMail listeners (see below). Save it as davmail.properties outside the web root, e.g., in your home directory, as it contains your keystore password.

Generate the keystore for DavMail

As uberspace automatically generates a Let's Encrypt SSL certificate, use this to generate your keystore file.

openssl pkcs12 -export -in ~/etc/certificates/sub.domain.tld.crt -inkey ~/etc/certificates/sub.domain.tld.key -out ~/etc/davmail.p12

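You will be asked for a $PASSWORD for your davmail.p12 file; remember it. The file contains your private key, so keep it readable by your user only. If using the PKCS12 format, you have to add the following lines to your davmail.properties file (davmail.ssl.keystoreFile has to point to where the file actually is, here ~/etc/davmail.p12):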

davmail.ssl.keystoreType=PKCS12
davmail.ssl.keyPass=$PASSWORD
davmail.ssl.keystoreFile=davmail.p12
davmail.ssl.keystorePass=$PASSWORD

If you want to use a JKS keystore file, you can create it with the following line:

keytool -importkeystore -deststorepass $PASSWORD2 -destkeystore ~/etc/keystore.jks -srckeystore ~/etc/davmail.p12 -srcstoretype PKCS12 -srcstorepass $PASSWORD

Now add the following lines to your davmail.properties file:

davmail.ssl.keystoreType=JKS
davmail.ssl.keyPass=$PASSWORD2
davmail.ssl.keystoreFile=keystore.jks
davmail.ssl.keystorePass=$PASSWORD2

The keystore file has to be generated and imported into the JKS keystore every time the Let's Encrypt SSL certificate changes, so it might be convenient to set up a cron job. For this, the openssl $PASSWORD has to be specified via -password pass:$PASSWORD, and -noprompt should be added to the keytool command.
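A sketch of such a cron job for the PKCS12 case, as an added example that is not part of the original article: it re-exports the keystore only when the certificate has changed. The password file ~/etc/davmail.pass, the saved certificate copy used for change detection, and the `--run` switch are assumptions of this example; for JKS, the keytool command above would follow the export.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed names: PASSFILE and
# STAMP are hypothetical; the other paths follow the article.
DOMAIN="${DOMAIN:-sub.domain.tld}"
CERT_DIR="${CERT_DIR:-$HOME/etc/certificates}"
KEYSTORE="${KEYSTORE:-$HOME/etc/davmail.p12}"
PASSFILE="${PASSFILE:-$HOME/etc/davmail.pass}"   # chmod 600, password on line 1
STAMP="${STAMP:-$KEYSTORE.crt}"                  # copy of the cert last exported

# Succeeds (exit 0) when the keystore has to be rebuilt.
needs_rebuild() {
    crt="$1"; store="$2"; stamp="$3"
    [ -s "$store" ] || return 0        # keystore missing or empty
    [ -r "$stamp" ] || return 0        # no record of the exported cert
    ! cmp -s "$crt" "$stamp"           # certificate changed since last export
}

rebuild_keystore() {
    crt="$CERT_DIR/$DOMAIN.crt"; key="$CERT_DIR/$DOMAIN.key"
    needs_rebuild "$crt" "$KEYSTORE" "$STAMP" || return 0
    umask 077                          # keystore holds the private key
    tmp="$KEYSTORE.tmp.$$"
    # file: keeps the password out of the process list (unlike pass:).
    if ! openssl pkcs12 -export -in "$crt" -inkey "$key" \
            -out "$tmp" -passout "file:$PASSFILE"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$KEYSTORE"              # replace atomically
    cp "$crt" "$STAMP"
    # Assumption: DavMail reads the keystore at start-up, so restart it.
    supervisorctl restart davmail
}

# Only act when called as: script --run (e.g. from cron).
if [ "${1:-}" = "--run" ]; then rebuild_keystore; fi
```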

To improve security, you can add the following line to a custom java.security file, which you can save, e.g., in your ~/etc/ directory.

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, EC keySize < 224

Create supervisor daemon

To run DavMail, you should use supervisord. The general setup is already explained in the uberspace manual; for DavMail, you have to add the following to your ~/etc/services.d/davmail.ini file:

[program:davmail]
directory=/var/www/virtual/$USER/$DOMAIN/
; JVM options such as -D must come before -jar; anything after the jar file is passed to DavMail as an argument
command=java -Djava.security.properties=/home/$USER/etc/java.security -jar /var/www/virtual/$USER/$DOMAIN/davmail.jar /home/$USER/etc/davmail.properties

Start the supervisor daemon with

supervisorctl reread
supervisorctl update

and check if DavMail was started with supervisorctl status. That's it: there are hopefully no errors in ~/logs/supervisord.log (or in the DavMail log file specified in the davmail.properties file) and everything should be working fine. You should be able to add another mail account in Thunderbird using $DOMAIN and $PORT for the IMAP/SMTP server, SSL/TLS connection security and your Exchange username/password combo.

 
