export DBPW="Passwort"
systemctl stop sendmail
dnf remove sendmail
dnf module disable python36
dnf module enable python38
dnf install -y xorg-x11-fonts-75dpi zlib fontconfig freetype libX11 gcc make libXext libXrender urw-fonts java-11-openjdk-devel mariadb-server mariadb mariadb-devel postfix sendmail-milter procmail python38 python38-devel python38-pip python38-requests gcc gcc-c++ libgcrypt-devel libxml2-devel openssl-devel zip https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos8.x86_64.rpm
alternatives --set python3 /usr/bin/python3.8
pip3 install mysqlclient py3dns xlrd xlwt xlutils paramiko pyspf dnspython dkimpy pycrypto httpie setproctitle inotify aiodns aiohttp aiohttp-xmlrpc aiosmtpd
systemctl enable --now mariadb
mysqladmin -u root password "$DBPW"
# create the password file with restrictive permissions from the start
(umask 077; echo "$DBPW" > /root/.mysqlpw)
chmod 600 /root/.mysqlpw
echo 'sql-mode = "STRICT_ALL_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"' >> /etc/my.cnf
systemctl restart mariadb
groupadd openemm
useradd -m -g openemm -d /home/openemm -s /bin/bash openemm
passwd openemm
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=25/tcp --permanent
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
firewall-cmd --reload
alternatives --set mta /usr/sbin/sendmail.postfix
After installation of Postfix, you have to change its configuration to unleash all features. To
do this, change to the Postfix main configuration directory:
# cd /etc/postfix
Add some configuration parameters to Postfix' main configuration file main.cf:
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
message_size_limit = 0
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = $smtp_tls_ciphers
hash_queue_depth = 2
enable_long_queue_ids = yes
relay_domains = /home/openemm/var/run/relay.domains
transport_maps = hash:/home/openemm/var/run/transport.maps
smtpd_milters = unix:/home/openemm/var/run/bav.sock
If lines with parameters of the same name already exist in file main.cf, comment them with
character # at the beginning to avoid any warning messages or overwrite them with the
new values in case you do not want to keep the original values as backup.
The two files relay.domains and transport.maps as well as Linux socket bav.sock are
automatically created at first startup time of the mailloop service. File relay.domains
specifies your mailloop service domain name, so that responses like auto-replies and
bounces sent to an email address with this domain name are accepted by Postfix for
relaying. File transport.maps defines for the mailloop service domain name the service
used for processing (“mailloop”).
Version 1.0.12
© 2021 AGNITAS AG
OpenEMM 20.10 Install & Admin Guide
Additionally, you have to set parameter myhostname in file main.cf to the FQDN of your
OpenEMM server. Otherwise, mails would be sent with sender domain
localhost.localdomain instead.
If you want to be able to receive autoresponder, bounce and feedback mails encrypted
with the TLS protocol, add
smtpd_use_tls = yes
smtpd_tls_loglevel = 2
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_eecdh_grade = strong
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
smtpd_tls_CAfile = /etc/pki/tls/certs/cacert.pem
smtpd_tls_CApath = /etc/pki/tls/certs
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_ciphers = $smtpd_tls_ciphers
tls_random_source = dev:/dev/urandom
tls_random_prng_update_period = 3600s
to file main.cf. You may have to change the paths to the locations where your TLS keys
are located. Certificate mail.crt may be a self-signed certificate.
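Added example (not from the OpenEMM guide): if both parameter blocks above are appended to main.cf as printed, smtp_tls_protocols and smtp_tls_ciphers are each set twice, and Postfix uses only the last assignment. The shell function below reports such repeats so the earlier lines can be commented out as advised; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list main.cf parameters that are assigned more than once.
# Postfix keeps only the last assignment, so an earlier value is dead config.

# dup_params FILE
# Prints "name: line N overrides line M" for every repeated parameter.
dup_params() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/ { next }                   # leading whitespace continues the previous value
        {
            eq = index($0, "=")
            if (eq == 0) next               # not a name = value line
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]+/, "", name)
            if (name in seen)
                printf "%s: line %d overrides line %d\n", name, NR, seen[name]
            seen[name] = NR
        }
    ' "$1"
}

# Constructed sample: a shortened main.cf holding lines from both blocks above.
# The host names are placeholders.
sample_main_cf() {
    cat <<'EOF'
# constructed sample, not a complete configuration
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = $smtp_tls_ciphers
#myhostname = old.example.com
myhostname = emm.example.com
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_ciphers = $smtpd_tls_ciphers
EOF
}

# Run against a real file when a path is given, e.g. /etc/postfix/main.cf
if [ -n "${1:-}" ]; then
    dup_params "$1"
fi
```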
Finally, the configuration parameters for service "mailloop" are defined in configuration file
master.cf. Add these two lines:
mailloop unix - n n - - pipe
  flags=RX user=openemm argv=/usr/bin/procmail /home/openemm/lib/bav.rc
Please do not omit the two space characters before keyword "flags"; they indicate to the
parser that the line is continued!
Last but not least, activate the TLS manager in file master.cf by uncommenting (i.e. removing
the leading #) line
tlsmgr unix - - n 1000? 1 tlsmgr
To activate all changes, restart Postfix with
# systemctl restart postfix
In case you start Postfix separately from OpenEMM and Postfix complains that file
relay.domains is missing, you can ignore this warning because OpenEMM takes care to
create this file at startup time in case it is missing.
4.4 Tomcat Deployment
OpenEMM needs web application engine Tomcat for the frontend services (GUI, statistics
and webservices). Tomcat can be installed with OpenEMM Maintenance Tool OMT.sh. For
details please read section Runtime Deployment below.
If you want to operate OpenEMM with the HTTPS protocol, the server key files (*.key,
*.pem) and server certificate files (*.crt, cacerts) for the TLS configuration (to allow HTTPS
connections) must be provided from your side as these files are server and client specific.
See chapter 10 for details.
# Shouldn't the next line be in /etc/sysconfig.conf instead?
echo 'module(load="imjournal" StateFile="imjournal.state" ratelimit.interval="10" ratelimit.burst="10000")' >> /etc/systemd/journald.conf
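# single quotes, so the shell writes the literal rsyslog directive instead of expanding an unset variable
echo '$imjournalRatelimitInterval 60' >> /etc/rsyslog.conf
echo '$imjournalRatelimitBurst 60000' >> /etc/rsyslog.conf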
systemctl restart rsyslog
OpenEMM requires read access to the mail log file at /var/log/maillog and logrotate has to
be aware of this fact, too. Open file /etc/logrotate.d/syslog and add the following line after
the line sharedscripts:
chmod 644 /var/log/maillog
# Warning: Installing ant installs unneeded java8
dnf install -y git libxml2-devel m4 ant
mkdir ~/git
cd ~/git
git clone https://github.com/agnitas-org/openemm
cd openemm/backend
./build-backend.py
cd ../frontend
cp build.properties.default build.properties
cp build-birt.properties.default build-birt.properties
cp build-ws.properties.default build-ws.properties
# edit above files
ant -f build.xml