Installing James as a service of CentOS

Posted on Thursday Feb 05, 2015 at 05:16PM in Technology

In previous posting, I set up James as a plain standalone application on OS X. this time I’m going to install James as a service on CentOS 6.6, and expose its SMTP, POP3 and IMAP ports to external network.

Create a user for James

The java process of James will run james user which added in this step.

sudo useradd james

Extract tarball

I’ll use james-server-app-3.0.0-beta5-SNAPSHOT-app.tar.gz which built in previous posting.

sudo tar zxvf james-server-app-3.0.0-beta5-SNAPSHOT-app.tar.gz -C /usr/local --no-same-owner
sudo chown -R james:james /usr/local/james-server-app-3.0.0-beta5-SNAPSHOT
sudo ln -s /usr/local/james-server-app-3.0.0-beta5-SNAPSHOT /usr/local/james

Change ports that James will listen

Add offset of 10000 to bind element in smtpserver.xml, pop3server.xml and imapserver.xml respectively as I did in previous posting.

Reduce heap size

Default maximum heap size of James is 512MB but it’s too large for me because I have only small amount of memory on the server so I reduced it to more smaller. this can be done with modifying the file $JAMES_HOME/conf/wrapper.conf as follows:

wrapper.java.maxmemory=256

Define user to startup script

In $JAMES_HOME/bin/james there’s a variable which defines the user to run the process of James. so set it to james as follows:

RUN_AS_USER=james

Register the startup script

sudo ln -s /usr/local/james/bin/james /etc/init.d
sudo chkconfig --add james
sudo chkconfig james on

Now we can control James with service command as follows:

sudo service james start
sudo service james stop

Also James will be launched / shutdown automatically at every boot/shutdown process of CentOS.

NOTE on some environment, following error may occur.

$ sudo service james start
Starting Apache James :: Server :: App...
/usr/local/james-server-app-3.0.0-beta5-SNAPSHOT/bin/james: /usr/local/james-server-app-3.0.0-beta5-SNAPSHOT/bin/./wrapper-linux-x86-32: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
$

According to this discussion, it related to the environment which used in build. then the problem should be fixed with issuing following command:

sudo yum install glibc.i686

Configure port forwarding

This makes SMTP, POP3 and IMAP ports to be forwarded to ports of James listening. this enables us to launch James process as a regular user owning process, not root process. here’s an example of /etc/sysconfig/iptables:

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination :10025
-A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination :10110
-A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination :10143
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10025 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10143 -j ACCEPT
COMMIT

After update the /etc/sysconfig/iptables file, restart the iptables serivce as follows:

sudo service iptables restart

Remaining tasks such as registering shutdown hook of Derby, creating domains, users…

Refer my previous posting.

NOTE: You should make James to use secured connection

Currently all of communication between the server and client is clear text so any data including credentials can be sniffed. I would try to configure James to use secured connection in another post later.

References

http://serverfault.com/questions/231381/iptables-forward-port-80-to-port-8080

Kohei Nozaki's blog