How to setup IMAPS and SMTPS in Kolab?

Paul Klos kolab at klos2day.nl
Sat Jun 4 22:58:38 CEST 2011 

On Saturday 04 June 2011 16:07:19 you wrote:
> On 4 June 2011 14:06, Paul Klos <kolab at klos2day.nl> wrote:
> > On Saturday 04 June 2011 13:16:00 Advrk Aplmrkt wrote:
> >> I've successfully installed Kolab 2.3.2 on my Linux machine, and have
> >> been able to access the admin page, create a user, and login to Horde.
> >> Right now, I am using a dynamic DNS hostname from DynDNS that's linked
> >> to the dynamic IP provided by my ISP.
> >> I tried to setup a test Thunderbird client to connect to my Kolab
> >> server. But I don't know how to correctly setup the server to accept
> >> such connections (IMAPS and SMTPS), and what domain/hostname I should
> >> specify in Thunderbird's settings?
> >> So far I tried to setup IMAPS as [hostname] at port 993, but
> >> Thunderbird couldn't make the connection. I also have no idea how to
> >> setup SMTPS. (I checked my server's firewall, its port 993 is open,
> >> but I don't know which to open for SMTPS, and how to enable it in
> >> Kolab).
> >> Any specific instructions would be great. Thank you.
> >>
> >> _______________________________________________
> >> Kolab-users mailing list
> >> Kolab-users at kolab.org
> >> https://kolab.org/mailman/listinfo/kolab-users
> >
> > I set this up in my kolab installation, mainly following the postfix documentation, although there are some how-tos out there as well, for example:
> > http://www.howtoforge.com/postfix-smtp-authentication-on-the-secure-port-only
> > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
> >
> > Obviously, if you follow some generic postfix how-to, you'll need to make the changes fit in with your kolab environment.
> >
> > I didn't take extensive notes, but you'll need at least to change the following files:
> > /kolab/etc/sasl/smtpd.conf
> > /kolab/etc/postfix/master.cf
> > /kolab/etc/postfix/main.cf
> >
> > If you want to make your changes permanent, you'll need to change the corresponding template in /kolab/etc/kolab/template. One way is to make the changes to the generated files
> > first, and only change the templates when everything works. That way you can always revert back using kolabconf. Otherwise, make sure you back up your current templates before 
you
> > make any changes.
> >
> > Now, below are relevant some extracts from my config files. I can't tell you exactly what I had to change, because I don't remember. Also, I'm not 100% sure that these are ALL the
> > changes you need to make. But if you compare this to your current setup, you should be able to get started.
> >
> > Cheers,
> >
> > Paul
> >
> >
> > #################
> > In /kolab/etc/sasl/smtpd.conf
> > pwcheck_method: saslauthd
> > mech_list: plain login
> >
> > #################
> > In master.cf
> > This is the line that starts the secure smtp server. I think it's either not there or commented out in the standard kolab configuration.
> > 0.0.0.0:465       inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> >
> > #################
> > In main.cf
> > #TLS settings
> > smtpd_use_tls = yes
> > smtpd_tls_auth_only = yes
> > smtpd_starttls_timeout = 300s
> > smtpd_timeout = 300s
> > smtpd_tls_cert_file = /kolab/etc/kolab/cert.pem
> > smtpd_tls_key_file = /kolab/etc/kolab/key.pem
> > smtpd_tls_loglevel = 1
> > smtpd_tls_received_header = no
> > smtpd_tls_session_cache_timeout = 3600s
> >
> >
> > #   authentication via sasl
> >
> > ## Kolab Policy Server
> > smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
> >        reject_unauth_destination, reject_unlisted_recipient,
> >        check_policy_service unix:private/kolabpolicy,
> >        reject_rbl_client sbl-xbl.spamhaus.org
> > smtpd_sender_restrictions = permit_mynetworks,
> >        check_policy_service unix:private/kolabpolicy
> > submission_sender_restrictions = check_policy_service unix:private/kolabpolicy
> > kolabpolicy_time_limit = 3600
> > kolabpolicy_max_idle = 20
> >
> > #smtpd_restriction_classes =
> > smtpd_sasl_auth_enable = yes
> >
> > # We want to allow for uids without any realm
> > #smtpd_sasl_local_domain = $myhostname
> > smtpd_sasl_local_domain =
> >
> > smtpd_sasl_security_options = noanonymous
> >
> > # Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
> > broken_sasl_auth_clients = yes
> >
> > # useful for checking authentication status esp. when using dynamic IPs for the sending client and doing authorization
> > smtpd_sasl_authenticated_header = yes
> >
> > # Verbatim NUL bytes violate RfC 2822 and later and dont work with IMAP.
> > # So we reject messages containing them (see kolab/issue3594).
> > message_reject_characters = \0
> >
> > content_filter = kolabfilter
> > #################
> >
> OK, I will try the above. Thanks for the info!
> However, when I setup an account in Thunderbird, what should I put in
> for the IMAPS and SMTPS hostnames?
> So far I tried just only my dynamic DNS hostname, but that didn't seem
> to work. Should it be like imap.[my hostname], or something like that?
> In addition, are there configuration files I need to modify for IMAPS
> as well? Or will the above SMTPS changes be sufficient?
> Thanks again for your help!


That's right, you also need to check your imaps settings. But I believe imaps was already enabled out of the box (not sure, though).

Check the config in in /kolab/etc/imapd

You'll need this line
  imaps cmd="imapd -s -C /kolab/etc/imapd/imapd.conf" listen="0.0.0.0:993" prefork=0
in cyrus.conf, and the right tls settings in imapd.conf:

tls_ca_file:            /kolab/etc/kolab/ca/cacert.pem
tls_cert_file:          /kolab/etc/kolab/cert.pem
tls_key_file:           /kolab/etc/kolab/key.pem

Paul

More information about the users mailing list