SOGo
October 18th, 2016
This information applies to SOGo 2.2.14 installed on Debian wheezy.
| Table of contents |  |
Docs
Package installation
MySQL installation
Apache installation
CAS-ifying SOGo
Error messages
Dovecot disk usage gauge
| Docs |  |
http://www.sogo.nu/files/docs/SOGo%20Installation%20Guide.pdf
https://wiki.debian.org/SOGo
# cat /usr/share/doc/sogo/README.Debian
SOGo for Debian
---------------
The SOGo debian package differs from upstream in placing the
configuration file in /etc/sogo/sogo.conf instead of using the GNUstep
user defaults that are placed under the home directory of the user
used to run SOGo. This file is parsed as GNUstep defaults in the
"sogod" domain, which means you must not specify the sogod domain in
the configuration file (there shouldn't be a "sogod = {" in
/etc/sogo/sogo.conf).
The second difference is that it is linked with GnuTLS instead of
OpenSSL. Because GnuTLS doesn't implement functions needed to validate
S/MIME signatures, validation of S/MIME signatures is disabled in the
web interface.
-- Jeroen Dekkers <jeroen@dekkers.ch>, Thu, 14 Jun 2012 14:21:00 +0200
| Package installation |  |
There are 2 options:
Downloading the packages from the SOGo site. This is explained here: http://www.sogo.nu/english/nc/support/faq/article/how-to-install-sogo-on-debian.html
You can add the following line to /etc/apt/sources.list:
deb http://inverse.ca/debian wheezy wheezy
This is what I do.
Using the Debian packages.
apt-get install sogo apache2 apache2-mpm-prefork memcached python-memcache mysql-server-5.5 mysql-client-5.5
Note : memcached is a flexible memory object caching daemon designed to alleviate database load in dynamic web applications by storing objects in memory. It's based on libevent to scale to any size needed, and is specifically optimized to avoid swapping and always use non-blocking I/O.
(Source man page)
| MySQL installation |  |
root@sogo-1:~# mysql -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 44
Server version: 5.5.40-1 (Debian)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE sogo CHARSET='UTF8';
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER 'sogo'@'localhost' IDENTIFIED BY 'secret';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON sogo.* TO 'sogo'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> USE sogo;
Database changed
mysql> CREATE TABLE sogo_users (c_uid VARCHAR(10) PRIMARY KEY, c_name VARCHAR(10), c_password VARCHAR(32), c_cn VARCHAR(128), mail VARCHAR(128));
Query OK, 0 rows affected (0.01 sec)
mysql> INSERT INTO sogo_users VALUES ('paul', 'paul', MD5('zxc'), 'Paul Example', 'paul@example.com');
Query OK, 1 row affected (0.00 sec)
mysql> INSERT INTO sogo_users VALUES ('piet', 'piet', MD5('zxc'), 'Piet Jansen', 'piet@example.com');
Query OK, 1 row affected (0.01 sec)
mysql> INSERT INTO sogo_users VALUES ('klaas', 'klaas', MD5('zxc'), 'Klaas van der Zee', 'klaas@example.com');
Query OK, 1 row affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
root@sogo-1:~#
| Apache installation |  |
Enabling the modules and the HTTPS site
root@sogo-1:~# a2enmod proxy proxy_http headers rewrite ssl actions cgid
Enabling module proxy.
To activate the new configuration, you need to run:
service apache2 restart
Creating the certificates
openssl genrsa -out sogo.key 2048
openssl req -new -x509 -days 365 -key sogo.key -out sogo-1.cert
The file /etc/apache2/sites-enabled/default-ssl must then be adapted to use these certificates.
| CAS-ifying SOGo |  |
Editing the file /etc/apache2/conf.d/SOGo.conf
Alias /SOGo.woa/WebServerResources/ \
      /usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ \
      /usr/lib/GNUstep/SOGo/WebServerResources/
<Directory /usr/lib/GNUstep/SOGo/>
AllowOverride None
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
# Explicitly allow caching of static content to avoid browser specific behavior.
# A resource's URL MUST change in order to have the client load the new version.
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
</Directory>
## Uncomment the following to enable proxy-side authentication, you will then
## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section
## below.
#
## For full proxy-side authentication:
#<Location /SOGo>
# AuthType XXX
# Require valid-user
# SetEnv proxy-nokeepalive 1
# Allow from all
#</Location>
#
## For proxy-side authentication only for CardDAV and GroupDAV from external
## clients:
#<Location /SOGo/dav>
# AuthType XXX
# Require valid-user
# SetEnv proxy-nokeepalive 1
# Allow from all
#</Location>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
# When using CAS, you should uncomment this and install cas-proxy-validate.py
# in /usr/lib/cgi-bin to reduce server overloading
#
ProxyPass /SOGo/casProxy http://localhost/cgi-bin/cas-proxy-validate.py
<Proxy http://localhost/app/cas-proxy-validate.py>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
# Enable to use Microsoft ActiveSync support
# Note that you MUST have many sogod workers to use ActiveSync.
# See the SOGo Installation and Configuration guide for more details.
#
#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=360
<Proxy http://127.0.0.1:20000/SOGo>
## adjust the following to your configuration
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "sogo.domaine.fr"
RequestHeader set "x-webobjects-server-url" "https://sogo.domaine.fr/SOGo/"
## When using proxy-side authentication, you need to uncomment and
## adjust the following line:
# RequestHeader unset "x-webobjects-remote-user"
RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e" env=REMOTE_USER
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Proxy>
# For Apple autoconfiguration
<IfModule rewrite_module>
RewriteEngine On
RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
</IfModule>
RewriteEngine On
RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
Editing the file /var/lib/sogo/GNUstep/Defaults/.GNUstepDefaults
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//GNUstep//DTD plist 0.9//EN" "http://www.gnustep.org/plist-0_9.xml">
<plist version="0.9">
<dict>
<key>NSGlobalDomain</key>
<dict>
</dict>
<key>sogod</key>
<dict>
<key>OCSFolderInfoURL</key>
<string>mysql://sogo:mdp@192.168.1.1:3306/sogo/sogo_folder_info</string>
<key>OCSSessionsFolderURL</key>
<string>mysql://sogo:mdp@192.168.1.1:3306/sogo/sogo_sessions_folder</string>
<key>SOGoACLsSendEMailNotifications</key>
<string>YES</string>
<key>SOGoAppointmentSendEMailNotifications</key>
<string>YES</string>
<key>SxVMemLimit</key>
<string>512</string>
<key>SOGoAuthenticationType</key>
<string>cas</string>
<key>SOGoCASServiceURL</key>
<string>https://cas.domaine.fr/cas</string>
<key>SOGoDraftsFolderName</key>
<string>INBOX/Drafts</string>
<key>SOGoFoldersSendEMailNotifications</key>
<string>YES</string>
<key>SOGoIMAPServer</key>
<string>imap.domaine.fr</string>
<key>SOGoLanguage</key>
<string>French</string>
<key>SOGoMailDomain</key>
<string>etu.domaine.fr</string>
<key>SOGoMailingMechanism</key>
<string>smtp</string>
<key>SOGoMemcachedHost</key>
<string>127.0.0.1</string>
<key>SOGoProfileURL</key>
<string>mysql://sogo:mdp@192.168.1.1:3306/sogo/sogo_user_profile</string>
<key>SOGoSMTPServer</key>
<string>127.0.0.1</string>
<key>SOGoSentFolderName</key>
<string>INBOX/Sent</string>
<key>SOGoTimeZone</key>
<string>Europe/Paris</string>
<key>SOGoTrashFolderName</key>
<string>INBOX/Trash</string>
<key>SOGoFirstDayOfWeek</key>
<string>1</string>
<key>SOGoUserSources</key>
<array>
<dict>
<key>CNFieldName</key>
<string>cn</string>
<key>IDFieldName</key>
<string>sAMAccountName</string>
<key>UIDFieldName</key>
<string>sAMAccountName</string>
<key>baseDN</key>
<string>ou=Utilisateurs,dc=domaine,dc=fr</string>
<key>bindDN</key>
<string>cn=Consultation,cn=Utilisateurs,dc=domaine,dc=fr</string>
<key>bindPassword</key>
<string>mdp</string>
<key>canAuthenticate</key>
<string>YES</string>
<key>displayName</key>
<string>Utilisateurs</string>
<key>hostname</key>
<string>192.168.1.2</string>
<key>id</key>
<string>eleve</string>
<key>isAddressBook</key>
<string>YES</string>
<key>port</key>
<string>389</string>
<key>type</key>
<string>ldap</string>
</dict>
</array>
<key>WOPort</key>
<string>127.0.0.1:20000</string>
</dict>
</dict>
</plist>
Installing the file /usr/lib/cgi-bin/cas-proxy-validate.py
#!/usr/bin/python
# cas-proxy-validate.py - this file is part of SOGo
#
# Copyright (C) 2010 Inverse inc.
#
# Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING. If not, write to
# the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# This script provides a CGI to avoid reentrancy issues when using SOGo in CAS
# mode
# debian dep: python-memcache
import cgi
import memcache
import os
import sys

config = { "cas-addr": "127.0.0.1",
           "memcached-addrs": ["127.0.0.1:11211"] }

class CASProxyValidator:
    def run(self):
        if os.environ.has_key("GATEWAY_INTERFACE"):
            self._runAsCGI()
        else:
            self._runAsCmd()

    def _runAsCGI(self):
        if self._cgiChecks():
            form = cgi.FieldStorage()
            if form.list == []:
                message = "Empty parameters : assuming cert. validation"
                self._printCGIError(message, 200)
                return
            if form.has_key("pgtId") and form.has_key("pgtIou"):
                pgtIou = form.getfirst("pgtIou")
                pgtId = form.getfirst("pgtId")
                self._registerPGTIdAndIou(pgtIou, pgtId)
                message = "'%s' set to '%s'" \
                    % ("cas-pgtiou:%s" % pgtIou, pgtId)
                self._printCGIError(message, 200)
            else:
                self._printCGIError("Missing parameter.")

    def _cgiChecks(self):
        rc = False
        if os.environ["REQUEST_METHOD"] == "GET":
            if os.environ["REMOTE_ADDR"] == config["cas-addr"]:
                rc = True
            else:
                self._printCGIError("Who are you? (%s)" % os.environ["REMOTE_ADDR"])
        else:
            self._printCGIError("Only 'GET' is accepted.")
        return rc

    def _printCGIError(self, message, code = 403):
        print("Status: %d\n"
              "Content-Type: text/plain; charset=utf-8\n\n%s"
              % (code, message))

    def _runAsCmd(self):
        if len(sys.argv) == 3:
            self._registerPGTIdAndIou(sys.argv[1], sys.argv[2])
            print "set '%s' to '%s'" \
                % ("cas-pgtiou:%s" % sys.argv[1], sys.argv[2])
        else:
            raise Exception, "Missing or too many parameters."

    def _registerPGTIdAndIou(self, pgtIou, pgtId):
        mc = memcache.Client(config["memcached-addrs"])
        mc.set("cas-pgtiou:%s" % pgtIou, pgtId)

if __name__ == "__main__":
    process = CASProxyValidator()
    process.run()
Importing the certificate into the CAS server's cacerts keystore
Converting the certificate to DER:
openssl x509 -in sogo-1.cert -out sogo.der -outform DER
Import
keytool -import -keystore /usr/local/jdk1.7.0_71/jre/lib/security/cacerts -file sogo.der -alias sogo
Verification
keytool -list -keystore /usr/local/jdk1.7.0_71/jre/lib/security/cacerts |grep sogo
| Error messages |  |
NSDictionary
sogod[10042] File NSDictionary.m: 672. In -[NSDictionary initWithContentsOfFile:] Contents of file '/etc/sogo/sogo.conf' does not contain a dictionary
This message indicates a syntax error in the file /etc/sogo/sogo.conf
IPv6 and localhost
2015-01-21 10:49:26,261 DEBUG [org.jasig.cas.util.HttpClient] - Response Code did not match any of the acceptable response codes. Code returned was 403
2015-01-21 10:49:26,262 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: [callbackUrl: https://webmail.mydomain.fr/SOGo/casProxy]
After many hours of searching, I finally found that the problem came from the /etc/hosts file and its IPv6 lines:
removing the IPv6 definition of localhost makes it work. The /etc/hosts file must therefore look like this:
127.0.0.1 localhost
::1 sogo-1.domaine.fr sogo ip6-localhost ip6-loopback
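The 403 in the CAS log is consistent with the REMOTE_ADDR test in cas-proxy-validate.py, which compares the client address as a plain string against "127.0.0.1". The following added example (not part of the original page or of SOGo) replays that test for every address /etc/hosts assigns to localhost. The two hosts files are constructed samples, and it assumes Apache reaches the CGI from the same loopback address that localhost resolved to.

```python
import ipaddress

CAS_ADDR = "127.0.0.1"  # same value as config["cas-addr"] in the script

def localhost_addresses(hosts_text):
    """Return the addresses that /etc/hosts content assigns to 'localhost'."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 2 and "localhost" in fields[1:]:
            found.append(str(ipaddress.ip_address(fields[0])))
    return found

def cgi_check(environ, cas_addr=CAS_ADDR):
    """Same accept/reject decisions as _cgiChecks(), as (status, message)."""
    if environ.get("REQUEST_METHOD") != "GET":
        return 403, "Only 'GET' is accepted."
    remote = environ.get("REMOTE_ADDR", "")
    if remote != cas_addr:                        # plain string comparison
        return 403, "Who are you? (%s)" % remote
    return 200, ""

def audit(hosts_text, cas_addr=CAS_ADDR):
    """Status the CGI answers for each address 'localhost' can resolve to."""
    result = {}
    for addr in localhost_addresses(hosts_text):
        env = {"REQUEST_METHOD": "GET", "REMOTE_ADDR": addr}
        result[addr] = cgi_check(env, cas_addr)[0]
    return result

# Constructed samples: a hosts file that still names ::1 "localhost",
# and the corrected form given on this page.
HOSTS_BEFORE = """127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
"""
HOSTS_AFTER = """127.0.0.1 localhost
::1 sogo-1.domaine.fr sogo ip6-localhost ip6-loopback
"""

if __name__ == "__main__":
    for name, text in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        for addr, status in audit(text).items():
            print("%-6s REMOTE_ADDR=%-10s -> %d" % (name, addr, status))
```

Any address that maps to 403 here is one from which the CAS callback to /SOGo/casProxy would be refused by the script.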
| Dovecot disk usage gauge |  |
When the disk usage gauge (for the quotas managed by dovecot) does not appear in SOGo, the dovecot configuration must be modified:
The problem was the quota
root name. I see that you are using the standard "User quota". If you
don't set this name in your config, things might work.
So instead of writing in your dovecot.conf:
quota = maildir:User quota
you write:
quota = maildir
Source: https://lists.inverse.ca/sogo/arc/users/2011-02/msg00479.html