Requirements#
Carbonio CE can be installed in a single machine.
Requirements are divided into groups: System Requirements, Software Requirements, RHEL Specific Requirements, and Additional Requirements.
System Requirements#
CPU |
Intel/AMD 64-bit 4 cores min./8+ cores vCPU |
RAM |
16 GB min., 32+ GB recommended |
Disk space (operating system and Carbonio CE) |
50 GB |
These requirements may vary depending on the size of the infrastructure, which includes the services running and the number and size of each mailbox. This means that if for example you plan to assign a 10GB quota to each of your 20 users, you must increase the Disk space requirements accordingly, i.e., to around 250GB total.
VMware vSphere 6.x |
VMware vSphere 7.x |
XenServer |
KVM |
Virtualbox (testing purposes only) |
Software Requirements#
Carbonio CE is available for 64-bit CPUs only and can be installed on top of any of these vanilla distributions:
Ubuntu 22.04 LTS Server Edition: choose Ubuntu Server, not Ubuntu Server (minimized)
Ubuntu 24.04 LTS Server Edition: choose Ubuntu Server, not Ubuntu Server (minimized)
RHEL 8 (see specific requirements)
RHEL 9 (see specific requirements)
Support for other distributions will be announced in due course when it becomes available.
While they are not officially supported, Linux distributions compatible with Ubuntu (e.g., Debian) and RHEL (e.g., AlmaLinux, Rocky Linux) may be used as base OS for Carbonio CE, provided all dependencies can be satisfied. This may include adding third-party repositories or manually installing software packages.
Moreover, even if Carbonio CE can be installed on an unsupported distribution, it may require some additional effort to have all Carbonio CE Components working, for example to manually edit some configuration file, while some Component may be not working at all. If you face some problems on unsupported distributions or if you successfully installed Carbonio CE on a unsupported distribution and want to share your result, you may want to join the Official Community Forum.
The following requirements must be satisfied before attempting to install Carbonio CE.
Python 3, latest version available on the chosen Operating System
Perl, latest version available on the chosen Operating System
Make sure that the
/etc/hostsdoes not contain any IPv6 entriesLocale settings: Carbonio CE requires strictly
en_US.UTF-8as the default system locale; a different locale may lead to unexpected issues and services not working correctly. Please follow the procedure described in Section Setting System Locale to modify the configuration.
Note
Only Carbonio CE Components should be installed on a Carbonio CE server. Installing additional software is unsupported and may cause conflicts that could compromise Carbonio CE’s correct functioning. For example, software like Webmin, Cockpit, or Postfix may be using the same ports as Carbonio CE, therefore interfering with its everyday use.
Network Configuration Guidelines#
You should adhere to the following guidelines when installing a Carbonio CE infrastructure.
Components must be deployed on a server that use private IP addresses for all internal communications
Only the necessary service ports should be exposed to the public network (Internet): you need to keep private (i.e., unreachable from outside networks) the internal network interfaces of the server, and configure either port forwarding or firewall rules so that only the necessary ports (like for example HTTPS, SSH, or SMTP) are reachable from outside (Internet or remote networks).
Do not forward ports for services that are not offered: for example, if you do not allow IMAP connections, do not expose the IMAP service’s port.
For enhanced security, restrict SSH access to the server, allowing connections only from authorised devices or specific IP addresses.
See also
Please refer to section Firewall Ports to learn which port you should forward from the Internet.
RHEL Specific Requirements#
Note
If you plan to install Carbonio CE using the downloadable script (see Section Script-based Installation), these requirements are checked and automatically enabled if missing.
RHEL 8#
If you plan to install Carbonio CE on RHEL 8, you need an active subscription to the following repositories, i.e., you must be able to fetch packages from them
-
BaseOS and the other main repositories:
# subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms
-
Appstream:
# subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms
-
CodeReady:
# subscription-manager repos --enable=codeready-builder-for-rhel-8-x86_64-rpms
-
EPEL:
# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
SELinux Must be set to disabled or permissive in file
/etc/selinux/config. You can check the current profile
using the command
# sestatus
RHEL 9#
If you plan to install Carbonio CE on RHEL 9, you need an active subscription to the following repositories, i.e., you must be able to fetch packages from them
-
BaseOS and the other main repositories:
# subscription-manager repos --enable=rhel-9-for-x86_64-baseos-rpms
-
Appstream:
# subscription-manager repos --enable=rhel-9-for-x86_64-appstream-rpms
-
CodeReady:
# subscription-manager repos --enable=codeready-builder-for-rhel-9-x86_64-rpms
-
EPEL:
# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
SELinux Must be set to disabled or permissive in file
/etc/selinux/config. You can check the current profile
using the command
# sestatus
systemd units to replace zmcontrol
By installing Carbonio CE on RHEL 9 or Ubuntu 24.04 you will no longer be able to manage Carbonio services with the legacy zmcontrol start <service>, zmcontrol restart <service>, and zmcontrol stop <service> commands. Interaction with services should be done exclusively through systemd commands.
Note
The zmcontrol -v command, used to retrieve Carbonio CE’s configuration, will continue working as usual.
The following are useful commands that can be used to manage the
new systemd units and find the replacement of the
zmcontrol commands.
-
Get the list of all Carbonio services
# systemctl list-unit-files
-
Check the status of a service, for example Carbonio Tasks
# systemctl status carbonio-tasks.service
To manage a service’s start, stop, and restart, replace
statusin the above command with:start,stop, andrestartrespectively.-
zmcontrol start | stop | restart is no longer available and can not be used as a convenience to restart all Carbonio services at once. This command has been replaced by the following four Component-specific
systemdcommands, which must be executed on the Node on which the Component is installed.# systemctl start/stop/restart carbonio-directory-server.target # systemctl start/stop/restart carbonio-appserver.target # systemctl start/stop/restart carbonio-mta.target # systemctl start/stop/restart carbonio-proxy.target
See also
Insights on the new systemd units and the new
commands can be found in sections Carbonio Systemd Targets and
Systemd Usage Guide For Administrators, respectively.
Additional Requirements#
Take into account the following points.
You need to forward two ports to the Carbonio CE server from the public IP: port 25/smtp to be able to receive mail, and port 443/https to allow users to access their webmail from a remote location.
WebSocket must be allowed and a Certificate including their support must be used to access Carbonio CE if you plan to install the Chats Component, see Section Websocket Protocol
-
All
carboniocommands must be executed as thezextrasuser (these commands will feature azextras$prompt), while all other commands must be issued as therootuser, unless stated otherwise.Note
The
zextrasuser is created during the Carbonio CE installation process, it is not necessary to create it beforehand. Commands or groups of commands may be different between Ubuntu and RHEL 8. This is shown by blue tabs: click on the tab of your choice to find the correct command.
When no such tabs are given, the commands to run are the same on Ubuntu and RHEL 8.
Websocket Protocol#
The WebSocket protocol is used by the Chats component. In case your infrastructure lies behind an application firewall or any firewall featuring DPI, you need to explicitly allow WebSocket packets on port 443, otherwise they will be blocked. Indeed, these firewalls can recognise the type of packets or the application that generated them and would allow on port 443 only HTTPS traffic: everything else would be blocked.
Additionally, the certificate that you use for your Carbonio CE infrastructure must be configured to use WebSockets.
The Carbonio CE implementation of WebSocket includes version negotiation between client and server, by using Websocket’s subprotocols, see RFC 6455#section-1.9.
Firewall Ports#
For Carbonio CE to operate properly, it is necessary to allow network communication on specific ports.
Ports are grouped according to the Component that require them.
External Connections#
These ports must be forwarded to Carbonio CE, to allow communication with remote services on the Internet.
Port |
Protocol |
Service |
|---|---|---|
25 |
TCP |
Postfix incoming mail |
465 |
TCP |
Message Submission over TLS protocol |
587 |
TCP |
Port for SMTP autenthicated relay, requires STARTTLS (or opportunistic SSL/TLS) |
Warning
These ports should be exposed only if really needed, and preferably only accessible from a VPN tunnel, if possible, to reduce the attack surface.
Port |
Protocol |
Service |
|---|---|---|
80 |
TCP |
unsecured connection to the Carbonio web client |
110 |
TCP |
external POP3 services |
143 |
TCP |
external IMAP services |
443 |
TCP |
secure connection to the Carbonio web client |
443 |
TCP |
WebSocket protocol [1] |
993 |
TCP |
external IMAP secure access |
995 |
TCP |
external POP3 secure access |
6071 |
TCP |
secure access to the Admin Panel |
5222 |
TCP |
Message Dispatcher, required by the Chats Component |
Warning
The IMAP, POP3, and 6071 ports should be exposed only if really needed, and preferably only accessible from a VPN tunnel, if possible, to reduce the attack surface.
Port |
Protocol |
Service |
|---|---|---|
20000-40000 |
UDP |
Client connections for the audio and video streams |