| CentOS 8 & Kerio Connect issues [message #149135] |
Sat, 05 December 2020 17:15  |
k0d3g3ar
Messages: 1
Registered: December 2020
|
|
|
|
I decided to give KC a try as an enterprise mail server. We are a Linux shop and although all the docs appear to reference CentOS 7 as a OS candidate for this, it only has LTS until 2023, so I was hoping for something that won't force me to do a complete re-install in 2 years time. CentOS 8 has LTS until 2029, so we have begun to move all of our assets to it. I noticed that it was deemed compatible by the docs, so I installed the RPM on it.
Lots of problems. First, the AV and Anti-Spam plugins just don't work. But worse, they don't work to the point where it won't start the mailserver. I had to literally go into the directories and rename the libraries to get it to skip trying to start them and voila.... the mail server started.
Next, the annoyance is that it doesn't automatically configure the firewall as part of the installation. So I did that manually. Got it to work. Next, and this I didn't find out until days of searching and confusion - it doesn't work well at all when the mail store folders are on a NAS or iSCSCI connection. It seems that it wants such fast disk access that it forces the entire system to be installed on local disks, which is just bad practice for HA and recovery. Most enterprise installations will use a SAN or NAS for storage of large data sets so that they can recover from snapshot backups, and my attempt to mount a remote volume for this was so slow that users could not login with any decent form of responsiveness. That all went away when I moved the mailstore to local disk and then it was acceptable performance. This is a BIG issue for enterprise installations, since mailstores can be in the terrabytes of size and trying to do that in virtualization environments is major problem.
Anyway after a few days of fighting with it, I was able to get it to work with a reasonable level of performance. But then I got completely stopped in my tracks with the SSL certificates. The way that KC wants to generate SSL certs is really weird. It doesn't give good directions for this, and after generating a CSR and sending it to Digicert to get a certificate, when I tried to load the cert, it is rejecting it as "Unauthorized". After scouring the forums for why, it seems that this is a bug in the latest release. Clearly SSL certs is a standard practice on the Internet. I mean no-one would ever put a website or any Internet asset out there without SSL so why was this not tested before releasing the software? The QA here is really bad if this got through. I thought that it must be me, so I tried every possible variation on this, and tested with SHA256, SHA384 and SHA512 certs - no difference. I thought it might be a TLS issue, but I'm using the latest TLS versions that come with CentOS 8.
At this point, I think I'm 100% stuck. Without SSL, this isn't going to be purchased and deployed. I wish it was a much smoother process, and I'm completely open to admitting that I did something wrong with the installation. But after days of trying to question the whole installation and after doing it 3 times to find the right combination of disk storage, library compatibility, etc. it feels like a complete failure.
I don't want this email to sound like me whining at the whole thing, but I am hoping that the folks at Kerio can realize what sort of installation experience occurred here for a Linux user. I'm sure that CentOS 7 may have been easier, and probably there is more of a body of tips, etc. out there but with CentOS 8 out now for over a year, I don't consider it bleeding edge and is very stable. I'm hoping that all QA for RPM releases is focused at least on this distro since new installations such as my own, will likely target it due to the LTS timing.
If anyone can either confirm or refute my experiences here, suggest a path forward, etc. I'm all ears. I just want this to work, but I can't in good faith purchase this in the state that it currently appears to be.
Thanks
K
|
|
|
|
|
|
| Re: CentOS 8 & Kerio Connect issues [message #149141 is a reply to message #149135] |
Mon, 07 December 2020 22:51  |
Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
|
|
|
|
k0d3g3ar wrote on Sat, 05 December 2020 11:15Next, and this I didn't find out until days of searching and confusion - it doesn't work well at all when the mail store folders are on a NAS or iSCSCI connection. It seems that it wants such fast disk access that it forces the entire system to be installed on local disks, which is just bad practice for HA and recovery. Most enterprise installations will use a SAN or NAS for storage of large data sets so that they can recover from snapshot backups, and my attempt to mount a remote volume for this was so slow that users could not login with any decent form of responsiveness.
While Kerio Connect's appetite for speedy mass storage is well known, I've been running it on iSCSI storage without issue for several years. First on an Equilogic with spinning rust, later on a Synology FlashStation using SSD. All in a Debian VM under VMware/ESXi. No real problems with performance, especially when I switched to 10GB for the storage interface. The OutLook connector has much more of a negative impact on the user interface and performance than the server storage (assuming you put in something reasonably suited for this application).
|
|
|
|
Members
Search
Help
Register
Login
Home
