How to setup IMAPS and SMTPS in Kolab?

Paul Klos kolab at klos2day.nl
Sat Jun 4 20:06:10 CEST 2011


On Saturday 04 June 2011 13:16:00 Advrk Aplmrkt wrote:
> I've successfully installed Kolab 2.3.2 on my Linux machine, and have
> been able to access the admin page, create a user, and login to Horde.
> Right now, I am using a dynamic DNS hostname from DynDNS that's linked
> to the dynamic IP provided by my ISP.
> I tried to setup a test Thunderbird client to connect to my Kolab
> server. But I don't know how to correctly setup the server to accept
> such connections (IMAPS and SMTPS), and what domain/hostname I should
> specify in Thunderbird's settings?
> So far I tried to setup IMAPS as [hostname] at port 993, but
> Thunderbird couldn't make the connection. I also have no idea how to
> setup SMTPS. (I checked my server's firewall, its port 993 is open,
> but I don't know which to open for SMTPS, and how to enable it in
> Kolab).
> Any specific instructions would be great. Thank you.

I set this up in my kolab installation, mainly following the postfix documentation, although there are some how-tos out there as well, for example:
http://www.howtoforge.com/postfix-smtp-authentication-on-the-secure-port-only
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html

Obviously, if you follow some generic postfix how-to, you'll need to make the changes fit in with your kolab environment.

I didn't take extensive notes, but you'll need at least to change the following files:
/kolab/etc/sasl/smtpd.conf
/kolab/etc/postfix/master.cf
/kolab/etc/postfix/main.cf

If you want to make your changes permanent, you'll need to change the corresponding template in /kolab/etc/kolab/template. One way is to make the changes to the generated files first, and only change the templates when everything works. That way you can always revert back using kolabconf. Otherwise, make sure you back up your current templates before you make any changes.

Now, below are some relevant extracts from my config files. I can't tell you exactly what I had to change, because I don't remember. Also, I'm not 100% sure that these are ALL the changes you need to make. But if you compare this to your current setup, you should be able to get started.

Cheers,

Paul


#################
In /kolab/etc/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

#################
In master.cf
This is the line that starts the secure smtp server. I think it's either not there or commented out in the standard kolab configuration.
0.0.0.0:465       inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes 

#################
In main.cf
#TLS settings
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_cert_file = /kolab/etc/kolab/cert.pem
smtpd_tls_key_file = /kolab/etc/kolab/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s


#   authentication via sasl

## Kolab Policy Server
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination, reject_unlisted_recipient,
        check_policy_service unix:private/kolabpolicy,
        reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sender_restrictions = permit_mynetworks,
        check_policy_service unix:private/kolabpolicy
submission_sender_restrictions = check_policy_service unix:private/kolabpolicy
kolabpolicy_time_limit = 3600
kolabpolicy_max_idle = 20

#smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes

# We want to allow for uids without any realm
#smtpd_sasl_local_domain = $myhostname
smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
broken_sasl_auth_clients = yes

# useful for checking authentication status esp. when using dynamic IPs for the sending client and doing authorization
smtpd_sasl_authenticated_header = yes

# Verbatim NUL bytes violate RFC 2822 and later and don't work with IMAP.
# So we reject messages containing them (see kolab/issue3594).
message_reject_characters = \0

content_filter = kolabfilter
#################
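
An added example, not part of the original post and not Kolab or Postfix tooling: because mech_list is limited to plain and login, the password is only protected by TLS, so this sketch parses main.cf and master.cf text and reports whether the port 465 service runs in wrapper mode with AUTH enabled and whether smtpd_tls_auth_only keeps AUTH off unencrypted sessions. The function names and the sample input are constructed for illustration; it goes slightly beyond the extracts by handling continuation lines, comments and per-service -o overrides in general.

```python
import re
# Constructed sample input, modelled on the extracts quoted in the post.
SAMPLE_MAIN_CF = """\
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination
smtpd_sasl_security_options = noanonymous
"""
SAMPLE_MASTER_CF = ("0.0.0.0:465 inet n - n - - smtpd "
                    "-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes\n")

def logical_lines(text):
    """Drop comment and blank lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if raw.strip() and not raw.lstrip().startswith("#"):
            if raw[0].isspace() and out:
                out[-1] += " " + raw.strip()
            else:
                out.append(raw.strip())
    return out

def parse_main_cf(text):
    """Map parameter name to value; a later assignment replaces an earlier one."""
    pairs = (line.partition("=") for line in logical_lines(text))
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def smtps_overrides(text):
    """Return the -o overrides of the smtpd service on port 465, or None."""
    for line in logical_lines(text):
        f = line.split()
        if (len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd"
                and f[0].rsplit(":", 1)[-1] in ("465", "smtps")):
            return dict(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return None

def audit(main_text, master_text):
    """Return a list of findings; an empty list means every check passed."""
    main, svc = parse_main_cf(main_text), smtps_overrides(master_text)
    if svc is None:
        return ["master.cf: no smtpd service on port 465"]
    eff = {**main, **svc}  # per-service -o values override main.cf
    sasl_opts = main.get("smtpd_sasl_security_options", "noanonymous")
    checks = [
        (eff.get("smtpd_tls_wrappermode") == "yes", "465: TLS wrapper mode is off"),
        (eff.get("smtpd_sasl_auth_enable") == "yes", "465: SASL AUTH is not enabled"),
        (main.get("smtpd_tls_auth_only") == "yes", "AUTH is offered without TLS"),
        ("noanonymous" in re.split(r"[,\s]+", sasl_opts), "anonymous SASL allowed"),
    ]
    return [msg for ok, msg in checks if not ok]
```

To run it against a live installation, pass the contents of /kolab/etc/postfix/main.cf and /kolab/etc/postfix/master.cf to audit() in place of the sample strings.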



