Aurora Corporate documentation

Setting up Solr to improve search performance

While performing IMAP search on just the headers is usually fast, running search in message text in standard setup of MailSuite Pro could use improvement. That's done by setting up and configuring an additional search module, we use Apache Solr for this purpose.

The configuration is performed as follows (with superuser/root privileges):

  1. Install Java:
apt install default-jre
  1. Install Solr:
wget https://downloads.apache.org/lucene/solr/8.11.2/solr-8.11.2.tgz
tar xzf solr-8.11.2.tgz solr-8.11.2/bin/install_solr_service.sh --strip-components=2
bash ./install_solr_service.sh solr-8.11.2.tgz
systemctl start solr
  1. Init Solr schema namespace:
su - solr -c "/opt/solr/bin/solr create -c dovecot -n dovecot"

Solr configuration is found under /var/solr/data/dovecot/conf/ directory:

ls -la /var/solr/data/dovecot/conf/
total 52
drwxr-xr-x 3 solr solr  4096 Oct  7 12:33 .
drwxr-xr-x 4 solr solr  4096 Sep 28 14:55 ..
drwxr-xr-x 2 solr solr  4096 Sep 28 14:21 lang
-rw-r--r-- 1 solr solr  6127 Oct  7 12:33 managed-schema
-rw-r--r-- 1 solr solr   882 Oct  6 12:43 protwords.txt
-rw-r--r-- 1 solr solr  6944 Oct  7 12:33 schema.xml.bak
-rw-r--r-- 1 solr solr 11287 Sep 28 15:00 solrconfig.xml
-rw-r--r-- 1 solr solr   781 Jun 10 20:23 stopwords.txt
-rw-r--r-- 1 solr solr  1124 Jun 10 20:23 synonyms.txt
  1. Reconfigure Dovecot

In /etc/dovecot/conf.d/10-mail.conf file, make sure fts and fts_solr are included in list of mail_plugins:

mail_plugins =  $mail_plugins fts fts_solr virtual

Also, add the following section into /etc/dovecot/conf.d/90-plugin.conf file:

plugin {
    fts = solr
    fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
    fts_autoindex = yes
}
  1. Restart services to apply changes:
service dovecot restart
service solr restart

Admin interface security

Solr comes with administrative web interface accessed at http://server.name:8983/ URL. By default, the admin interface is open for public. It's strongly recommended to password-protect the interface as it shows potentially sensitive system information.

Create security.json file under /var/solr/data/ directory, with the following content:

{
"authentication":{
   "blockUnknown": true,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"superadmin":"PI8RMyZKexFzmsSFgUEPtK6pq1uzvJ1791oyB+VECW0= ZmFpeG9vOUV5ZWV6M0Fpa2VvWWF0b2hiN05vb3RodTRuZWloaWV2N2VpcXVpZWZl"},
   "realm":"My Solr users",
   "forwardCredentials": false
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[{"name":"security-edit",
                  "role":"admin"}],
   "user-role":{"superadmin":"admin"}
}}

Username here is superadmin, it can be any different just supply the same username in "credentials" and "user-role" lines.

You will also need to supply a password hash in "credentials" line - the hash shown there is for password "pass3000". You can obtain a hash for a custom password value using the following bash script:

#!/bin/bash
PW=$1
SALT=$(pwgen 48 -1)
echo "hash    : $(echo -n "$SALT$PW" | sha256sum -b | xxd -r -p | sha256sum -b | xxd -r -p | base64 -w 1024) $(echo -n "$SALT" | base64 -w1024)"

You'll need pwgen utility which can be installed with:

apt install pwgen

Assuming your script is called pw.sh you can obtain a hash for your password with:

./pw.sh pass3000
hash    : PI8RMyZKexFzmsSFgUEPtK6pq1uzvJ1791oyB+VECW0= ZmFpeG9vOUV5ZWV6M0Fpa2VvWWF0b2hiN05vb3RodTRuZWloaWV2N2VpcXVpZWZl

Restart Solr to apply changes:

service solr restart