Install DavMail as an Exchange gateway on uberspace 7
If you want to use Thunderbird for your e-mails but the Exchange administrator thinks it is a good idea to disable IMAP, you can use DavMail as a standalone server to access your e-mails without the need for Outlook.
Download DavMail
Get the platform-independent, non-root package for Server (shared) mode from the latest DavMail Gateway release. This can be used on uberspace 7 as a standalone server to act as a gateway between Thunderbird and the Exchange server. After downloading it, unzip the archive and move it to your (sub)domain root folder.
Make it accessible via WebSockets
To be able to connect to your davmail instance, you have to configure an apache web backend for your DavMail root folder. First, add the (sub)domain you want to use for it with:
uberspace web domain add sub.domain.tld
Then, you have to register a port on your uberspace server for each protocol you want DavMail to act as a gateway for, i.e., CalDAV, IMAP, LDAP, POP, and SMTP:
uberspace port add
This will randomly assign a port number to your uberspace account for you to use. If you are using a subdomain, create the appropriate DocumentRoot in /var/www/virtual/<uberspace>/sub.domain.tld (mind the permissions as explained in the uberspace manual!) and add a web backend for each port with:
uberspace web backend set sub.domain.tld --http --port $PORT
Configure DavMail to your needs (with uberspace)
Copy the config file from the DavMail homepage and change it according to your needs, i.e., at least add the base Exchange OWA or EWS URL, the listener ports, the log file path, and the DavMail listeners SSL configuration (see below). Save it as davmail.properties in, e.g., your home directory rather than the DavMail folder under the web root, as it contains your keystore password.
Generate the keystore for DavMail
As uberspace automatically generates a Let's Encrypt SSL certificate, use this to generate your keystore file.
openssl pkcs12 -export -in ~/etc/certificates/sub.domain.tld.crt -inkey ~/etc/certificates/sub.domain.tld.key -out ~/etc/davmail.p12
You will be asked for a $PASSWORD for your davmail.p12 file - remember it. If using the PKCS12 format, you have to add the following lines to your davmail.properties file:
davmail.ssl.keystoreType=PKCS12
davmail.ssl.keyPass=$PASSWORD
davmail.ssl.keystoreFile=davmail.p12
davmail.ssl.keystorePass=$PASSWORD
If you want to use a JKS keystore file, you can create it with the following line:
keytool -importkeystore -deststorepass $PASSWORD2 -destkeystore ~/etc/keystore.jks -srckeystore ~/etc/davmail.p12 -srcstoretype PKCS12 -srcstorepass $PASSWORD
Now add the following lines to your davmail.properties file:
davmail.ssl.keystoreType=JKS
davmail.ssl.keyPass=$PASSWORD2
davmail.ssl.keystoreFile=keystore.jks
davmail.ssl.keystorePass=$PASSWORD2
The keystore file has to be regenerated and imported into the JKS keystore every time the Let's Encrypt SSL certificate changes, so it might be convenient to set up a cron job. For this, the openssl $PASSWORD has to be specified via -password pass:$PASSWORD and -noprompt should be added to the keytool command.
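The cron job suggested above, as an added example that is not part of the original article: it rebuilds both keystores only when the certificate has changed, and it reads the passwords from owner-only files (openssl's file: source and keytool's :file modifier) instead of placing them on the command line, where they can show up in the process list. The password file names, the stamp file and the "run" argument are assumptions; the restart presumes the davmail supervisor service defined further down.

```shell
#!/bin/sh
# Added example (not from the article): refresh DavMail's keystores after a
# certificate renewal. PASSFILE, PASSFILE2 and STAMP are assumed file names.
set -e
umask 077   # keystores and stamp are created owner-only

CRT=${CRT:-$HOME/etc/certificates/sub.domain.tld.crt}
KEY=${KEY:-$HOME/etc/certificates/sub.domain.tld.key}
P12=${P12:-$HOME/etc/davmail.p12}
JKS=${JKS:-$HOME/etc/keystore.jks}
PASSFILE=${PASSFILE:-$HOME/etc/davmail.p12.pass}     # contains $PASSWORD
PASSFILE2=${PASSFILE2:-$HOME/etc/keystore.jks.pass}  # contains $PASSWORD2
STAMP=${STAMP:-$HOME/etc/davmail.crt.seen}           # last converted cert

# Succeeds when the certificate differs from the copy converted last time
# (also on the first run, when no stamp exists yet).
needs_refresh() { ! cmp -s "$1" "$2"; }

# Succeeds only for a regular file with no group/other permission bits.
owner_only() {
    case $(ls -ld "$1" 2>/dev/null) in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

refresh() {
    for f in "$PASSFILE" "$PASSFILE2"; do
        owner_only "$f" || { echo "$f: missing or not mode 600" >&2; return 1; }
    done
    rm -f "$P12.new" "$JKS.new"
    # file: and :file keep the passwords out of the process list
    openssl pkcs12 -export -in "$CRT" -inkey "$KEY" \
        -out "$P12.new" -passout "file:$PASSFILE"
    keytool -importkeystore -noprompt \
        -srckeystore "$P12.new" -srcstoretype PKCS12 \
        -srcstorepass:file "$PASSFILE" \
        -destkeystore "$JKS.new" -deststorepass:file "$PASSFILE2"
    # swap in the finished files, then remember which cert they hold
    mv "$P12.new" "$P12"
    mv "$JKS.new" "$JKS"
    cp "$CRT" "$STAMP"
    supervisorctl restart davmail
}

# Cron entry point: "<script> run" does nothing unless the cert changed.
if [ "${1:-}" = "run" ] && needs_refresh "$CRT" "$STAMP"; then
    refresh
fi
```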
To improve security, you can add the following line to a custom java.security file, which you can save, e.g., in your ~/etc/ directory.
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, EC keySize < 224
Create supervisor daemon
To run DavMail, you should use supervisord. The general setup is already explained in the uberspace manual; for DavMail you have to add the following to your ~/etc/services.d/davmail.ini file:
[program:davmail]
directory=/var/www/virtual/$USER/$DOMAIN/
command=java -Djava.security.properties=/home/$USER/etc/java.security -jar /var/www/virtual/$USER/$DOMAIN/davmail.jar /home/$USER/etc/davmail.properties
Start the supervisor daemon with
supervisorctl reread
supervisorctl update
and check whether DavMail was started with supervisorctl status. That's it: hopefully no errors are logged in ~/logs/supervisord.log (or in the DavMail log file specified in the davmail.properties file) and everything works. You should be able to add another mail account in Thunderbird using $DOMAIN and $PORT for the IMAP/SMTP server, SSL/TLS connection security and your Exchange username/password combo.