CHAPTER 7: EMAIL
Evolution is the only Linux-based mail client, theoretically working with Exchange servers. However, the CentOS version seems unable to cope with some Exchange setups. Therefore, we’ll use an intermediate agent, DavMail. It is a Java-based Exchange gateway. Get the x86_64 package for latest version and unpack it in /opt.
Add the shell script to your Gnome start-up aplications. When you run if the first time, open the GUI from the system tray and uncheck the POP3 protocol.
Settings:
- URL: https://mail.YOURDOMAIN.com/exchange/YOUR_MAILBOX@YOURDOMAIN.com
- Protocol: EWS
Basic Evoluiton or Thunderbird setup:
- To use Evolution you need to install it: as super-user, ‘yum install evolution‘
- Set incoming mail to IMAP on localhost with the IMAP port from the DavMail GUI and no encryption (your username should be in the format DOMAIN\username). For Evolution, type the port after the hostname, e.g. ‘localhost:1134‘
- Set SMTP to localhost with the SMTP port form the DavMail GUI and no encrytion. For Evolution, type the port after the hostname, e.g. ‘localhost:1134‘
- Create new calendar and set it to localhost with the Caldav port from DavMail and no ecnryption. Username is DOMAIN\username. URL is http://localhost:1080/users/YOUR_MAILBOX@YOURDOMAIN.com/calendar
- Create new address book and set it to localhost with the LDAP port from DavMail and no encryption. Login type is DN, Login is DOMAIN\username.
CHAPTER 8: JUNIPER VPN
Juniper VPN client, Network Connect, is written in Java (plus some native 32-bit libraries; if you have installed Skype, you already have the 32-bit dependencies). The default way of using it – running a browser with Java plugin as root – is way too dangerous, especially taking in account numerous holes in Java browser plugin and existing 0 day exploits. In addition, it’s setup is poorly written. Instead, we’ll tame it to run more safely:
- If you don’t have xterm, create a symlink to a suitable terminal (e.g., as super-user, ‘cd /usr/local/bin; ln -s /usr/bin/gnome-terminal xterm‘). The VPN client expects you to have xterm.
- Point your browser to your VPN’s site. Log in with your domain username and password. Approve running the java applet. The start-up of the VPN will fail, but you will not be told anything about it. Quit the browser.
- Go to ~/.juniper_networks
- Unzip the ncLinuxApp.jar in the tmp directory: ‘cd tmp; unzip ../ncLinuxClient.jar‘
- Copy the ncsvc to the ~/.juniper_networks/network_connect directory. Make it SUID root, SGID root and executable: ‘cp ncsvc ../network-connect; chown root.root ../network-connect/ncsvc; chmod 6775 ../network-connect/ncsvc’
- Copy the version.txt to the same place: ‘cp ncsvc ../network-connect’
- Copy the x509 certificate shell script to the same place: ‘cp getx509certificate.sh ../network-connect’
- If you did not install Skype, likely you don’t have the 32-bit dependencies; run ‘ldd’ on the .so files to see what is needed and install it with you (append ‘.i686‘ to each packet’s name).
- Get a GUI script for the VPN client: ‘wget https://raw.github.com/madscientist/msjnc/master/msjnc’, then, as super-user, move it to your path: ‘mv msjnc /usr/local/bin; chmod 755 /usr/local/bin/msjnc‘
- Install Perl module dependencies: as super-user, ‘yum install Perl-Gtk2‘
- Launch it from command line (or add a launcher to your Gnome panel).
- Create a new profle. Server is your VPN server (no need to put ‘http://’, just the server name). For the realm, look at the source of the VPN login web page and search for a hidden input with the same name. Username and password are from your domain account. Save the profile as default.
- Click ‘Connect‘ to run the VPN client.
- The msjnc script can do other nice things, like: run a script when connected (e.g., to mount your Windows shares); connect automartically if the command-line ‘–connect’ parameter is specified; with a few lines of GTK programming it can be minimised to tray etc.