sudo useradd james
Installing James as a service of CentOS
TweetPosted on Thursday Feb 05, 2015 at 05:16PM in Technology
In previous posting, I set up James as a plain standalone application on OS X. this time I’m going to install James as a service on CentOS 6.6, and expose its SMTP, POP3 and IMAP ports to external network.
Create a user for James
The java
process of James will run james
user which added in this step.
Extract tarball
I’ll use james-server-app-3.0.0-beta5-SNAPSHOT-app.tar.gz
which built in previous posting.
sudo tar zxvf james-server-app-3.0.0-beta5-SNAPSHOT-app.tar.gz -C /usr/local --no-same-owner sudo chown -R james:james /usr/local/james-server-app-3.0.0-beta5-SNAPSHOT sudo ln -s /usr/local/james-server-app-3.0.0-beta5-SNAPSHOT /usr/local/james
Change ports that James will listen
Add offset of 10000
to bind
element in smtpserver.xml
, pop3server.xml
and imapserver.xml
respectively as I did in previous posting.
Reduce heap size
Default maximum heap size of James is 512MB but it’s too large for me because I have only small amount of memory on the server so I reduced it to more smaller. this can be done with modifying the file $JAMES_HOME/conf/wrapper.conf
as follows:
wrapper.java.maxmemory=256
Define user to startup script
In $JAMES_HOME/bin/james
there’s a variable which defines the user to run the process of James. so set it to james
as follows:
RUN_AS_USER=james
Register the startup script
sudo ln -s /usr/local/james/bin/james /etc/init.d sudo chkconfig --add james sudo chkconfig james on
Now we can control James with service
command as follows:
sudo service james start sudo service james stop
Also James will be launched / shutdown automatically at every boot/shutdown process of CentOS.
NOTE on some environment, following error may occur.
$ sudo service james start Starting Apache James :: Server :: App... /usr/local/james-server-app-3.0.0-beta5-SNAPSHOT/bin/james: /usr/local/james-server-app-3.0.0-beta5-SNAPSHOT/bin/./wrapper-linux-x86-32: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory $
According to this discussion, it related to the environment which used in build. then the problem should be fixed with issuing following command:
sudo yum install glibc.i686
Configure port forwarding
This makes SMTP, POP3 and IMAP ports to be forwarded to ports of James listening. this enables us to launch James process as a regular user owning process, not root process. here’s an example of /etc/sysconfig/iptables
:
*nat :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination :10025 -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination :10110 -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination :10143 COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 10025 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 10110 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 10143 -j ACCEPT COMMIT
After update the /etc/sysconfig/iptables
file, restart the iptables serivce as follows:
sudo service iptables restart
Remaining tasks such as registering shutdown hook of Derby, creating domains, users…
NOTE: You should make James to use secured connection
Currently all of communication between the server and client is clear text so any data including credentials can be sniffed. I would try to configure James to use secured connection in another post later.