Forums

FastLaneJB
FastLaneJB
Offline
Resolved
0 votes
EDIT: Updated Z-Push to 1.5.2 and also to take into account the case of the ActiveSync folder.

Hi all,

OK this is mainly of use with Zarafa. It can be used with normal IMAP accounts and even Horde have a version in testing but I'm only covering Zarafa for this guide. This will need Tim's new Zarafa installed which uses Webconfig for the main HTTP engine rather than the seperate Apache engine.

So first lets get Z-Push into a directory ready to go.

cd /tmp
wget http://download.berlios.de/z-push/z-push-1.5.2.tar.gz
tar -zxvf z-push-1.5.2.tar.gz
mv z-push /usr/share/z-push
chown apache:webconfig /usr/share/z-push/state
chmod 775 /usr/share/z-push/state


Now edit the config file so it's got your timezone in it. So in my case this is Europe/London and this goes in the line which says date_default_timezone_set("Europe/London");

nano /usr/share/z-push/config.php


Make the change and save the file.

OK the directory is in place, now we just need to add the configs to webconfig and Apache as well so it's available on the normal ports if you want.

nano /usr/webconfig/conf/httpd.d/z-push.conf


Now paste this text into the file and save it with Control + X

#
# Z-Push Activesync Protocol Website
#
Listen 85

<VirtualHost _default_:85>
SSLEngine on
SSLCertificateFile /usr/webconfig/conf/server.crt
SSLCertificateKeyFile /usr/webconfig/conf/server.key
SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:+SHA1:+MD5:+HIGH:+MEDIUM
DocumentRoot "/usr/share/z-push/"

<Directory /usr/share/z-push>
php_flag magic_quotes_gpc off
php_flag register_globals off
php_flag magic_quotes_runtime off
php_flag short_open_tag on
</Directory>

Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
Alias /Microsoft-Server-Activesync /usr/share/z-push/index.php

SetEnvIf Request_URI "^/Microsoft-Server-ActiveSync(/|$)" zpush_request
SetEnvIf Request_URI "^/Microsoft-Server-Activesync(/|$)" zpush_request
CustomLog /var/log/httpd/zpush_access_log common env=zpush_request

</VirtualHost>


The bottom lines should give you a seperate logfile for Z-Push requests which will be /var/log/httpd/zpush_access_log so you can track requests easily if you so wish.

Now restart webconfig.

service webconfig restart


This will give you ActiveSync available on port 85. You'll need to open this on your firewall for it to work of course as an incoming port. Also when entering the server into your Activesync device don't forget to put the port number on the end so server.domain.com:85 will work.

Now if you've got the Web Server module installed and fired up you can make activesync available on this as well. I only do it on SSL so passwords are secure. You just need to edit one file.

nano /etc/httpd/conf.d/ssl.conf


Paste these lines in before the </VirtualHost> at the end.

# Z-Push

<Location /Microsoft-Server-ActiveSync>
ProxyPass https://127.0.0.1:85/Microsoft-Server-ActiveSync
ProxyPassReverse https://127.0.0.1:85/Microsoft-Server-ActiveSync
</Location>

<Location /Microsoft-Server-Activesync>
ProxyPass https://server.kinectech.com:85/Microsoft-Server-Activesync
ProxyPassReverse https://server.kinectech.com:85/Microsoft-Server-Activ$
</Location>


Add these lines in as well if you haven't already done so. They aren't in there by default if I remember right.

# Enable Reverse Proxy
ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

# Enable SSL Proxy Engine
SSLProxyEngine on


Now restart Apache...

service httpd restart


Now you should be able to access Activesync by using server.domain.com without the port 85 but only with SSL on. Normal HTTP requests won't work and this is best for security so passwords aren't send over the internet in plain text.

Let me know if there's anything up here. Hope it helps you all out.
Sunday, March 27 2011, 07:16 PM
Share this post:
Responses (36)
  • Accepted Answer

    Robert
    Robert
    Offline
    Saturday, January 04 2014, 05:47 PM - #Permalink
    Resolved
    0 votes
    Hi,

    This forum is very good and always helpful to me. I have a problem with z-push and android. z-push is installed (by using yum install zarafa-z-push) and I can access is over https://server/Microsoft-Server-ActiveSync. It asks for username and password and says the classical: GET not supported by this device.

    Now when I setup z-push under settings - corporate, I can push sync multiple times, but nothing happens. It does not give any error, but also does not sync anything. My feeling is, that is syncs not with the user I setup, but with an empty zarafa-mail-box.

    I setup:

    email address: user@domain.de
    Domain: empty
    username: username
    password: password
    Server: IP of server
    use ssl: yes
    accept all ssl certificates: yes

    client certificates (none installed)

    port: 443

    It tells me when I push "done":

    The server requires that you allow it to remotely control some security features of your Android device. Do you want to finish setting up this account?

    I push yes and manually on sync and it does something for a second and then nothing.

    Am I missing some permissions on the android? I have a Huawei Y300 with the newest firmware.available (4.1.1)

    I thanks for any hint.

    Best

    Robert
    The reply is currently minimized Show
  • Accepted Answer

    Rogier
    Rogier
    Offline
    Friday, June 28 2013, 09:07 AM - #Permalink
    Resolved
    0 votes
    Hi Jeff,

    No that it's working again for you. Does the Microsoft ActiveSync test still fail with that error message?
    I'm in the same boat
    The reply is currently minimized Show
  • Accepted Answer

    Jeff
    Jeff
    Offline
    Wednesday, May 16 2012, 05:45 PM - #Permalink
    Resolved
    0 votes
    All,

    Ok reinstalled z-push and edited the config and all is working now?? Thanks for the check/response Tim. As far as the android question. I have both iPhone and a Motorola S 2 Skyrocket phone and a Asus transformer prime syncing with z-push. the androids are running a program called touchdown. It syncs contacts, tasks, calendar, and, oh yeah mail. it is not free but absolutely works the best across platforms (i.e. version os android) and also supports multiple exchange / z-push accounts at the same time and setup is a breeze, actually auto configures properly and works afterwards.
    The reply is currently minimized Show
  • Accepted Answer

    FastLaneJB
    FastLaneJB
    Offline
    Wednesday, May 16 2012, 02:25 PM - #Permalink
    Resolved
    0 votes
    Tim Burgess wrote:
    Link works OK here and prompts for credentials when asked

    I haven't tried the Exchange tester for a while, have you tried with just username / password, without the DOMAIN\ prefix?


    I've not tried it for a long time either however in my experience Microsoft changed their site quite a while ago and Z-Push doesn't pass the tests even when devices can connect and work with it.

    So it's a great tool for testing an Exchange installation but for Z-Push you should ignore it. Just set it up to the point you believe it should be fine and then try and connect a device to it.
    The reply is currently minimized Show
  • Accepted Answer

    FastLaneJB
    FastLaneJB
    Offline
    Wednesday, May 16 2012, 02:13 PM - #Permalink
    Resolved
    0 votes
    Hi Rudd,

    I don't have an Android device so I cannot help you on questions as to what applications are better there but Active Sync doesn't support syncing Notes in the protocol. Microsoft haven't added it in and hence Z-Push won't do it either because they are just reverse engineering and implementing the ActiveSync protocol.

    This is a good list of what features various clients provide with Activesync.

    Comparison of Exchange ActiveSync clients

    As you can see even Microsoft's own Windows Phone 7.5 doesn't implement a lot of the features. Only the old Windows Phone 6 devices really seem to support the bulk of the protocol. iOS used to lead the field here for third parties which implement Activesync however modern Android and Windows Phone 7.5 seem to have caught up (And in Windows Phone 7.5 support a few more features now).

    Z-Push however has issues, bugs which appear that you might not have with a proper Exchange server.

    They have their own device list.

    Z-Push Activesync device list

    Hopefully between all of that you'll know how well you'll get on with the devices you own!

    Cheers,
    James
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, May 16 2012, 01:00 PM - #Permalink
    Resolved
    0 votes
    Hi,

    with the upgrade ahead to COS 6 I am also looking into replacing SOGo for Zarafa.
    For me syncing tasks and notes to multiple android devices is key.
    SOGo uses Funambol (syncml) to do the trick, I think Z-Push is is the Activesync counterpart.

    What tasks and notes app on android work with Zarafa tasks and notes via z-push?
    (Currently use Astrid for tasks and OI notes for notes)

    Thanks in advance,
    Ruud.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, May 16 2012, 11:45 AM - #Permalink
    Resolved
    0 votes
    Link works OK here and prompts for credentials when asked

    I haven't tried the Exchange tester for a while, have you tried with just username / password, without the DOMAIN\ prefix?
    The reply is currently minimized Show
  • Accepted Answer

    Jeff
    Jeff
    Offline
    Wednesday, May 16 2012, 11:31 AM - #Permalink
    Resolved
    0 votes
    trying to get z-push going on the re-install and here are my analyzer results. can anyone pont me in the right direction to get this going? fails during the http authentication test....


    ExRCA is testing Exchange ActiveSync.
    The Exchange ActiveSync test failed.

    Test Steps

    Attempting to resolve the host name mail.jeffwear.com in DNS.
    The host name resolved successfully.

    Additional Details
    Testing TCP port 443 on host mail.jeffwear.com to ensure it's listening and open.
    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.

    Test Steps
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.

    Additional Details
    Testing HTTP Authentication Methods for URL https://mail.jeffwear.com/Microsoft-Server-ActiveSync/.
    The HTTP authentication test failed.
    Tell me more about this issue and how to resolve it

    Additional Details
    The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, July 28 2011, 10:38 PM - #Permalink
    Resolved
    0 votes
    Hi Tim

    upgraded z-push thismorning using your RPM (removing old config first.)

    must be something silly with Apache.. https://mydomain gives cert issued to localhost.localdomain.
    It's probibly been like this since the server was comissioned. havn't had to use the SSL certs before (everything was accessed from LAN)
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, July 28 2011, 10:22 PM - #Permalink
    Resolved
    0 votes
    Hi Luke, hmm do you have anything specified in /etc/httpd/conf.d/zarafa-z-push.conf?

    Assuming the webserver is functioning OK, what what certificate is provided when you visit https://yourdomain.com

    If you have created your own SSL certificate (and not the system one used for the webconfig) then you'll need to change the paths in /etc/httpd/conf.d/ssl.conf so that it points to your own user cert and private key, something like-
    SSLCertificateFile /etc/ssl/usr-1-cert.pem
    SSLCertificateKeyFile /etc/ssl/private/usr-1-key.pem

    Then 'service httpd restart'
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, July 28 2011, 10:06 PM - #Permalink
    Resolved
    0 votes
    I'm banging my head over SSL cert problems...

    I cannot work out which damn cert Apache is using for SSL...
    www.testexchangeconnectivity.com tells me the following error...

    Host name mx.avalonltd.co.nz doesn't match any name found on the server certificate E=root@localhost.localdomain, CN=localhost.localdomain, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, S=SomeState, C=--.

    Ideas??

    All certs shown in webconfig cert manager appear to be correct.
    I've checked /etc/httpd/conf.d/ssl.conf for paths
    i've checked the certs indicated by ssl.conf - stored in /etc/pki/tls/certs - all appear to be correct.
    I'm not sure where else to look.. :dry:
    The reply is currently minimized Show
  • Accepted Answer

    Jeff
    Jeff
    Offline
    Thursday, June 23 2011, 04:12 PM - #Permalink
    Resolved
    0 votes
    Here are the results from my z-push install. after the install my connections to zarafa via iIMAPS stopped working. when I uninstalled the z-push everything is back to normal with IMAPS. On my zarafa gateway I'm using ports 8110, 8995, 8143, 8993 not sure if that is contributing to the issue with the z-push install killing things?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 23 2011, 03:54 PM - #Permalink
    Resolved
    0 votes
    It depends!

    Two places...if your using the webserver and normal https connection, then its part of the web server config. /etc/httpd/conf.d/ssl.conf. Look for:-
    SSLCACertificateFile
    SSLCertificateKeyFile
    Then restart the webserver with 'service httpd restart'

    If your connecting direct to the webconfig on port 81, then it will be the webconfig system certificate at /usr/webconfig/conf/httpd.conf
    SSLCertificateFile /usr/webconfig/conf/server.crt
    SSLCertificateKeyFile /usr/webconfig/conf/server.key
    Then restart the webconfig with 'service webconfig restart'

    A side note for completeness...Zarafa-Gateway for POP3S or IMAPS uses another path :S
    ssl_private_key_file = /etc/zarafa/gateway/privkey.pem
    ssl_certificate_file = /etc/zarafa/gateway/cert.pem
    These files are generated from the webconfig certs but can be changed to suit in /etc/zarafa/gateway.cfg

    Now....where were my keys?! :laugh:
    The reply is currently minimized Show
  • Accepted Answer

    Jeff
    Jeff
    Offline
    Thursday, June 23 2011, 03:38 PM - #Permalink
    Resolved
    0 votes
    Tim,

    One other Question and feel free to slap me if this should be in the Zarafa thread, but where is the certificate coming from for z-push / zarafa? because I keep getting a generic certificate returned and not the certificate being used by the system? I'm guessing I haven't copied the system certificate to where Zarafa and Z-Push can use it.
    The reply is currently minimized Show
  • Accepted Answer

    Jeff
    Jeff
    Offline
    Thursday, June 23 2011, 01:55 PM - #Permalink
    Resolved
    0 votes
    Thanks tim for the quick reply!
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 23 2011, 09:38 AM - #Permalink
    Resolved
    0 votes
    Hi Jeff, it will also work with 6.40.7, this is the oldest version which moved over to using the webconfig for 'webmail'
    The reply is currently minimized Show
  • Accepted Answer

    Jeff
    Jeff
    Offline
    Thursday, June 23 2011, 04:47 AM - #Permalink
    Resolved
    0 votes
    Tim,

    Just to be sure before I install Z-Push, do I need Zarafa 6.40.8 installed. I just upgraded to your 6.40.7 RPM today and it resolved a problem I was having with attachments. Can upgrade to 6.40.8 if need be, or is it safe to run with 6.40.7.

    Thanks to both FastlaneJB and you for your work on this!
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 22 2011, 11:59 AM - #Permalink
    Resolved
    0 votes
    No problem FastlaneJB, seems to be working well :) definitely looking forward to HTML email for Android devices, seems a bit daft having to rely on IMAP or using text only.

    Thanks for the feedback Luke!
    (p.s you might be interested in the android app K-9 Mail which is a nice improvement over the stock android mail app, and in my testing seemed to work better with Zarafa IMAP)
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 22 2011, 10:38 AM - #Permalink
    Resolved
    0 votes
    Hi tim.
    Nice work on the rpm. reinstated z-push a couple of days ago, nice to have the lap integration
    have been gving it a workout with my nice shiny galaxy-z :)
    The reply is currently minimized Show
  • Accepted Answer

    FastLaneJB
    FastLaneJB
    Offline
    Wednesday, June 15 2011, 04:05 PM - #Permalink
    Resolved
    0 votes
    Hi Tim,

    Thanks so much for turning this into an RPM. I just never managed to make the time to do this myself. Also I'm glad it's working for you because I was beginning to wonder if I'd missed something out with the number of people who didn't seem to be able to get it working. The RPM will hopefully fix that and make it a lot easier for them.

    Strange that MS's tester site fails on the FolderSync as it never used to fail with Z-Push, I'm guessing they added in a new check and Z-Push doesn't support it yet. Version 2.0 which is in beta I believe is adding some nice new features like HTML e-mail on devices other than the iPhone for instance.

    I hope ClearOS Enterprise 6.0 comes with Z-Push built in as I think most companies want push e-mail to their mobiles these days but failing that I'm sure we can add it in ourselves again, just would be nice to have when Zarafa arrives in the OS as standard. It can be configured to work with Horde as well, I've just not tried that.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 15 2011, 12:45 PM - #Permalink
    Resolved
    0 votes
    OK - I finally got a new phone so was able to test this out, it seems to be working with my HTC Desire S.

    I'm using this with Zarafa 6.40.8 (using the System-Mysql backend)

    It's available as an RPM zarafa-z-push, you can grab it from HERE or use yum

    If you have already installed Z-push manually I would recommend uninstalling it first! as it may overwrite or clash with your custom install.
    rm -rf /usr/share/z-push/
    rm -rf /etc/httpd/conf.d/z-push.conf
    rm -rf /usr/webconfig/conf/httpd.d/z-push.conf


    Preinstall:-
    - Setup and install the webserver, and enable SSL
    - Configure a valid SSL certificate that matches your DNS server name

    To install:-
    yum --enablerepo=timb-testing install zarafa-z-push
    service httpd restart
    service webconfig restart
    vi /etc/zarafa/z-push/searchldap.php

    change LDAP_BIND_USER,LDAP_BIND_PASSWORD and LDAP_SEARCH_BASE to values from the webconfig LDAP

    It will create an alias for https://mydomain.com/Microsoft-Server-ActiveSync under the normal web server, and also under the webconfig port 81. You can test this by pointing your browser at either :-
    https://mydomain.com/Microsoft-Server-ActiveSync
    https://mydomain.com:81/Microsoft-Server-ActiveSync

    Logs will be created at /var/log/zarafa/zpush_access_log

    It uses a ProxyPass directive so that you only need to open port 443 on the firewall. It also listens on port 80, but I would suggest that you configure all devices to connect using SSL

    You can test your setup by using https://www.testexchangeconnectivity.com/ (note that it will still fail at the last FolderSync stage with 449 error...but devices seem to work OK)

    You'll need to specify the Exchange ActiveSync server (name must match the SSL certificate for your website)
    You'll need to provide a login in the form DOMAIN\user, which should match your LDAP user
    Tick "ignore trust for SSL" if you are using self signed certificates

    For all your mobile devices you'll need to configure in a similar manner

    BIG thanks to FastlaneJB, as most of the above is derived from his efforts :)

    P.S I have corrected the issue with case sensitive ProxyPass, officially all URL's should be in the form /Microsoft-Server-ActiveSync, although their site actually requests /Microsoft-Server-Activesync. I've confirmed this with someone from Microsoft, and they have a new version coming out soon
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, April 17 2011, 10:39 AM - #Permalink
    Resolved
    0 votes
    Tim Burgess wrote:
    Hi Patrick, if you have the normal web server running you can still try the older installation method:-

    cd /tmp
    wget http://download.berlios.de/z-push/z-push-1.5.1.tar.gz
    tar -zxvf z-push-1.5.1.tar.gz
    mv z-push /usr/share/z-push
    chown apache:webconfig /usr/share/z-push/state
    chmod 775 /usr/share/z-push/state

    nano /usr/share/z-push/config.php ## check the timezone

    nano /etc/httpd/conf.d/z-push.conf


    Add the following config
    #
    # Z-Push - ActiveSync over-the-air implementation for Zarafa
    #

    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php

    # If the PHP settings are not set up correctly, login will fail
    #
    <Directory /usr/share/z-push/>

    # Some apache settings
    Options -Indexes +FollowSymLinks

    # Register globals must be off
    php_value register_globals off

    # Magic quotes must be off
    php_value magic_quotes_gpc off
    php_value magic_quotes_runtime off

    # Short open tags must be on
    php_value short_open_tag on

    # Allow passing variable by reference
    php_value allow_call_time_pass_reference on
    </Directory>

    Then 'service httpd restart' and configure your mobile to use the following address
    http://server.domain.com/Microsoft-Server-ActiveSync



    Hi Tim,

    I won't be able to change my setup and do some testing the next few weeks.
    When i've a chance i take a look in the z-push configurations.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 16 2011, 10:11 PM - #Permalink
    Resolved
    0 votes
    Hi! thanks for confirming that :) I was stuck at the same point on the tester, and without an Android phone (yet!) I was unable to check if things were still working

    My only conclusion so far is that we should do exactly as you have posted on the first page on this thead!
    The reply is currently minimized Show
  • Accepted Answer

    FastLaneJB
    FastLaneJB
    Offline
    Saturday, April 16 2011, 09:56 PM - #Permalink
    Resolved
    0 votes
    Hi Tim,

    Z-Push does need PHP-MAPI which is why running it off the Webconfig solves the issue the same as it did for Zarafa.

    My iPhone is still working fine however since writing these instructions I can no longer pass the Exchange Activesync tester like I could before so Microsoft might have changed something there. I also was needed to change it to Activesync over ActiveSync to get beyond (I've added both to the config file to be on the safe side).

    I've updated Z-Push to 1.5.2 but still no dice. I'm getting as far as ...

    Attempting the FolderSync command on the Exchange ActiveSync session. 
    The test of the FolderSync command failed.
    Additional Details
    A Web exception occurred because an HTTP 449 - 449 response was received from Unknown


    I've deleted the Exchange account off my iPhone and reset it up and it's working fine. So while it's failing the tester, it's getting mail on the device. Will need to do some research on if this is an issue with my setup or to do with Z-Push as a whole.

    I'm using a proper signed certificate for Apache and the same certificate for webconfig. It hadn't occured to me the issues of having different certs of both sites. Maybe it would be wise to tell the site to use the same certificate as Apache would use by default over the webconfig certificate to solve that issue. I'd rather do that than make the site a none SSL site and then secure it just with the default Apache.

    Microsoft's tester won't let you use a port it would seem but my iPhone lets me specify a port and works just fine with that so certainly with an iPhone you could punch a hole in the firewall for port 85 and work without the normal webserver.

    I'd be curious if people with Android phones / Windows Mobile and such can get it working or not.

    I'll tweak the instructions on the front page to take into account the different case at least for now.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 16 2011, 09:15 PM - #Permalink
    Resolved
    0 votes
    Ugh, Z-push still has a dependancy on php-mapi for the version of PHP that the web server uses... :(

    Creating a proxypass to get it to send traffic back through port 84 also creates multiple SSL certificate issues. You have the SSL certificate for the web server, and additionally the webconfig. If the hostnames don't match you have a problem...

    I need to think about this further, integration with the webconfig apache is making this harder than it should be.

    I don't have a mobile to test with - so can anyone confirm whether you are able to succesfully change the port to connect to? or is it always 443 (https)
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 16 2011, 08:45 PM - #Permalink
    Resolved
    0 votes
    After a lof testing with https://www.testexchangeconnectivity.com/ I discovered a very small but significant issue!

    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php #doesn't work
    Alias /Microsoft-Server-Activesync /usr/share/z-push/index.php #does!

    Might want to check for the capitals?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, April 16 2011, 07:28 PM - #Permalink
    Resolved
    0 votes
    Hi Patrick, if you have the normal web server running you can still try the older installation method:-

    cd /tmp
    wget http://download.berlios.de/z-push/z-push-1.5.1.tar.gz
    tar -zxvf z-push-1.5.1.tar.gz
    mv z-push /usr/share/z-push
    chown apache:webconfig /usr/share/z-push/state
    chmod 775 /usr/share/z-push/state

    nano /usr/share/z-push/config.php ## check the timezone

    nano /etc/httpd/conf.d/z-push.conf


    Add the following config
    #
    # Z-Push - ActiveSync over-the-air implementation for Zarafa
    #

    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php

    # If the PHP settings are not set up correctly, login will fail
    #
    <Directory /usr/share/z-push/>
    # Some apache settings
    Options -Indexes +FollowSymLinks

    # Register globals must be off
    php_value register_globals off

    # Magic quotes must be off
    php_value magic_quotes_gpc off
    php_value magic_quotes_runtime off

    # Short open tags must be on
    php_value short_open_tag on

    # Allow passing variable by reference
    php_value allow_call_time_pass_reference on
    </Directory>

    Then 'service httpd restart' and configure your mobile to use the following address
    http://server.domain.com/Microsoft-Server-ActiveSync
    The reply is currently minimized Show
  • Accepted Answer

    Roman
    Roman
    Offline
    Wednesday, April 06 2011, 05:52 AM - #Permalink
    Resolved
    0 votes
    And here I find that kolab start ActiveSync support http://wiki.kolab.org/index.php/Z_push
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, April 05 2011, 05:46 PM - #Permalink
    Resolved
    0 votes
    Tim,

    i can't get it to work.

    I can't make a connection with the server. tried every option a axplained and every combination.
    The reply is currently minimized Show
  • Accepted Answer

    Roman
    Roman
    Offline
    Tuesday, April 05 2011, 02:59 AM - #Permalink
    Resolved
    0 votes
    Hi all!
    Enybody try to use z-push Horde backend?
    http://z-push.sourceforge.net/phpbb/viewtopic.php?f=4&t=879

    And look here http://wiki.horde.org/ActiveSync??????
    What version of Horde in ClearOS 5.2?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, April 04 2011, 08:45 PM - #Permalink
    Resolved
    0 votes
    Hi Patrick, the howto above is good to use! :)

    Hi FastlaneJB, are you interested in building the RPM still?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 31 2011, 06:31 PM - #Permalink
    Resolved
    0 votes
    hi guys,

    is it already save to use the new configuration, or is it better to wait on the rpm.

    thanks

    Patrick
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, March 27 2011, 09:33 PM - #Permalink
    Resolved
    0 votes
    I agree - I think it would be better to keep the Z-push config file changes seperate from Zarafa to prevent overlap and upgrade issues.

    Thinking about it a little more and reviewing the SRC RPM above, there's no need to redefine a whole new virtual host, as it already sits on the HTTPS webconfig apache

    Create /usr/webconfig/conf/http.d/z-push.conf to look something like:-
    #
    # Z-Push - ActiveSync over-the-air implementation for Zarafa
    #

    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php

    # If the PHP settings are not set up correctly, login will fail
    #
    <Directory /usr/share/z-push/>
    # Some apache settings
    Options -Indexes +FollowSymLinks

    # Register globals must be off
    php_value register_globals off

    # Magic quotes must be off
    php_value magic_quotes_gpc off
    php_value magic_quotes_runtime off

    # Short open tags must be on
    php_value short_open_tag on

    # Allow passing variable by reference
    php_value allow_call_time_pass_reference on
    </Directory>

    It would then be available at https://server.domain.com:81/Microsoft-Server-ActiveSync

    Regarding RPM building there's a lot on the net, I highly reommend setting up the build evnironment as per ClearOS docs. Then picking a small SRC RPM, installing it - and then picking apart it's SPEC file
    http://www.clearfoundation.com/docs/developer/packaging/building_an_rpm_-_the_basics

    Some tutorials:-
    http://fedoraproject.org/wiki/PackageMaintainers/CreatingPackageHowTo
    http://www.ibm.com/developerworks/library/l-rpm1/
    For the "Fedora Way" (which is ultimately upstream RHEL/CentOS see:-
    http://fedoraproject.org/wiki/PackagingGuidelines
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, March 27 2011, 09:12 PM - #Permalink
    Resolved
    0 votes
    On the RPM front it appears Robert Scheck (who also maintains Zarafa upstream for Fedora) has been maintaing one already
    http://www.mail-archive.com/rpmfusion-developers@lists.rpmfusion.org/msg09015.html

    EDIT: sorry missed your append!
    The reply is currently minimized Show
  • Accepted Answer

    FastLaneJB
    FastLaneJB
    Offline
    Sunday, March 27 2011, 09:06 PM - #Permalink
    Resolved
    0 votes
    Hi Tim,

    OK well it could easily go on port 84 with Zarafa. The reason I put it on port 85 is so the config for this won't get overwritten if your zarafa config changes. Also while I've only detailed it for Zarafa, there's no reason you cannot have push e-mail over Activesync from Horde though I've not tried it. Maybe a future step would be to have a webconfig page that lets you pick the Timezone (Or gets it automatically from ClearOS's Timezone settings) and then lets you pick from Activesync support for Zarafa or Horde.

    Still I'm happy to hook it up on just port 84 if you think that might be neater?

    Or maybe if your zarafa config had the lines to forward /Microsoft-Server-ActiveSync to port 85 then it would just work if Z-Push is installed and it wasn't going to bring anything up on that if it's not regardless. It would then not need port 85 opened as port 84 would work just fine with me adding in a z-push.conf for Apache as well so it works on 443. Would that be a reasonable way to do it?

    I'd really like to get this packaged up into an RPM so will be doing some reading on this soon. Maybe you have some pointers for good links to read Tim?

    I'm not a fan of running something which requires a username and password over normal HTTP compared to using it over SSL. Putting this in your zarafa-webaccess Apache config would make it available over HTTP (I move Zarafa webaccess into ssl.conf as well. Is it possible to force it to just 443 outside of the ssl.conf file?). Just wonder what other peoples opinion's are on this? Can happily put it on HTTP as well if that's what people want. It just means if your on a public Wifi, someone can easily sniff out your passwords. With those passwords they could use you to mail relay and get your IP banned if it was a static one.

    I missed the webconfig permissions, I'll edit the Howto to fix that. Well spotted and thanks.

    Cheers for the tips and opinion Tim :)
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, March 27 2011, 08:43 PM - #Permalink
    Resolved
    0 votes
    Thanks for the Howto!

    just wondering but instead of creating another virtual host on another port - couldn't this be combined on port 84 with Zarafa? I can incorporate these into the Zarafa build if you think it works OK.

    All it would need is the following two lines added to /usr/webconfig/conf/httpd.d/zarafa-webaccess-clearos.conf
    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
    SetEnvIf Request_URI "^/Microsoft-Server-ActiveSync(/|$)" zpush_request


    Also apache for webconfig, it runs as webconfig user and group, but also has to be writable by apache. To get round this I had to do something similar with webaccess...leave the owner as apache, and set webconfig as group, then give it 775 permissions:-
    chown apache:webconfig /usr/share/z-push/state
    chmod -R 775 /usr/share/z-push/state


    In addition - instead of editing ssl.conf you could edit the existing Zarafa apache ProxyPass config at /etc/httpd/conf.d/zarafa-webaccess.conf
    ProxyPass /Microsoft-Server-ActiveSync https://127.0.0.1:84/Microsoft-Server-ActiveSync
    ProxyPassReverse /Microsoft-Server-ActiveSync https://127.0.0.1:84/Microsoft-Server-ActiveSync


    Just some ideas, but equally keeping it seperate from Zarafa has it's own merits :)
    The reply is currently minimized Show
Your Reply