Thunderbird and Lightning, DavMail & Exchange

Thunderbird is a cross platform email client, Lightning is a calendering add-on.  Lightning will be integrated into Thunderbird 3.  Thunderbird installation is straightforward, Lightning is installed from Thunderbird’s ‘Tools/Add-ons’ menu.

DavMail is an Exchange gateway that wraps standard protocols like IMAP around the proprietary interfaces to Exchange.  DavMail setup is straightforward, following the instructions on it’s website, all I had to provide was the OWA URL.

To configure IMAP in Thunderbird all I had to do was specify a server name of localhost and port of 1143, not 143.  To configure CalDAV I specified a CalDAV location of http://localhost:1080/users/me@mydomain.com/calendar   To configure SMTP for outgoing mail I specified localhost port 1025, not 25.

I couldn’t figure out how to use DavMail LDAP, the documentation is too cryptic. Instead I configured a Thunderbird address book to directly access Active Directory, which works only locally on the LAN.  With the address book available autocompletion works also. 

Trying to replicate the directory for offline access did not work for me, however.  This is supposed to be fixed in a later release.  To work around not having the Exchange address book offline I installed Email Address Crawler which instantly scooped every to or from address from my existing mails into an address book.   I took this home and it worked as expected: I could send and receive mails and had a limited address book.

Having proven this configuration under Windows I installed Ubuntu in a VM and used Synaptic to install Thunderbird. Lightning and DavMail are downloaded and installed the same way as on Windows.  I did, however, run into a defect and workaround installing Lightning.

This solution seems to work OK, but I noticed some issues with the HTML email editor. This is improved in Thunderbird 3, which went into its fourth beta release a few days ago.

Email Strategy

Should you upgrade Microsoft Exchange or switch to an alternative? It depends what you want. In addition to hosting your own solution it is now possible to outsource to a SaaS provider, providing management and investors are comfortable with the idea. Requirements to consider:

  • Compatibility with Microsoft Outlook. All mail servers support IMAP and POP to access and download mail, but fewer solutions support Microsoft’s various proprietary protocol and extensions (eg. MAPI/RPC) used by more advanced features of Outlook. Open source implementations are still a work in progress.
  • Storage management. Traditionally mail servers have supported a mailbox of up to 1-2GB, but what happens when a user accumulates more than that?
  • Spam filtering and support for e-discovery. Postini addresses this well upstream from your corporate mail server and eliminates this as an issue.
  • Smartphone integration. More proprietary protocols are used to synchronize smartphones using Windows ME or Blackberry OS.
  • Cost.

Solutions to consider:

  • Google. Google offers a hosted solution with IMAP. Premier edition offers 25GB storage and 99.9% uptime (=8-9 hours/year downtime) for $50/yr.
  • Yahoo Zimbra. Competing solutions similar to Zimbra include Zarafa, Axigen and Scalix (fka. HP OpenMail). Zimbra gets the best reviews, however.
  • MailStreet and Apptix have received good reviews for providing hosted Microsoft Exchange email services. MailStreet charges around $8/mo. including Outlook licence and 2GB storage.

Looking into the future Open-Xchange is closest to providing an open source solution including MAPI/RPC.

Trac on Solaris using Apache mod_python and https

If Trac is being used by a distributed team over the internet we want to remove all privileges from unauthenticated users:

for perm in BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW 
REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW TICKET_CREATE TICKET_MODIFY TICKET_VIEW 
TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY WIKI_VIEW
do
  trac-admin $tracenv permission remove anonymous $perm
  trac-admin $tracenv permission add authenticated $perm
done

We also want to encrypt traffic to the site. To do this I tried stunnel…

/opt/csw/bin/pkg-get -i stunnel

…and placed the following in /opt/csw/etc/stunnel/stunnel.conf

 [https]
accept  = 443
connect = 8000

I also commented out the chroot setup. Once configured all that is required is to run

cd /opt/csw/etc/stunnel 
/opt/csw/bin/stunnel

…and change /var/opt/csw/trac/conf/trac.ini

 [trac]
authz_file =
authz_module_name =
base_url = https://trac.mydomain.com

The bad news is that Trac 0.10.4 does not consistently use base_url, so creating a ticket, for example, redirects the user to an http page.

PATH=/opt/csw/bin:$PATH
tracenv=/var/opt/csw/trac
HTTPS=1; export HTTPS
nohup tracd --port 8000 $tracenv &

To resolve this issue I decided to move from tracd/stunnel to Apache2/mod_python. The default Solaris 10 distribution includes apache2 but not mod_python. Instead I installed mod_python from Blastwave, which in turn automatically installs the Blastwave cswapache2 package below /opt/csw/apache2.

pkg-get install ap2_modpython

We will want to run trac under apache2 using a dedicated account:

groupadd -g 202 trac
useradd -g trac -u 202 -d /var/opt/csw/trac trac
chown -R trac:trac /var/opt/csw/trac

Modified /opt/csw/apache2/etc/httpd.conf

User trac
Group trac
…
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
…

   SetHandler mod_python
   PythonInterpreter main_interpreter
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnv /var/opt/csw/trac

Created a self-signed certificate for the site:

cd /opt/csw/apache2/etc
PATH=$PATH:/usr/sfw/bin
/usr/sfw/bin/openssl genrsa -out server.key 2048
/usr/sfw/bin/openssl req -new -x509 -key server.key -out server.crt -days 365 -subj "/C=US/ST=Florida/O=My Company/CN=trac.mydomain.com"

Modified /opt/csw/apache2/etc/extra/httpd-ssl.conf

ServerName trac.mydomain.com
…

   SetHandler mod_python
   PythonInterpreter main_interpreter
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnv /var/opt/csw/trac

To start Blastwave Apache2 using SMF on Solaris:

svccfg -s cswapache2 setprop httpd/ssl=true
svccfg -s cswapache2 listprop

svcadm enable cswapache2

To check status

svcs cswapache2
svcs –xv
Scroll to top