Re: Enable POP/POP3, POPS/POP3S and Let’s Encrypt SSL
Jan Kowalsky
jankow at datenkollektiv.net
Wed Jul 3 12:19:14 CEST 2019
Hi Martin,
On 27.06.19 at 17:00, Martin Araujo wrote:
>
> I am new to Kolab Community and Cyrus Imap but I have years of experience in cpanel/WHM servers, ISPConfig3 servers, Zimbra and Scalix community servers.
Did you already get a step forward?
> I would like to deploy a Kolab Community server for a couple of clients or customers but with the following features:
> 1.- Enable POP/POP3 and POP-S/POP3-S for desktop users who prefer to work with Microsoft Outlook or Mozilla Thunderbird (sent and received messages stored in the computer).
>
> 2. Install a Let's Encrypt SSL and enable SSL for webmail/webdav/carddav/etc; postfix and Cyrus IMAP. The Let's Encrypt SSL is important because IMAP and POP clients will connect to server using secure ports (587, 993, 995, etc.)
> https://docs.kolab.org/installation-guide/centos-7.html
We use Debian, but the IMAP configuration doesn't differ.
> 1.-
> To enable POP and POP-S I edited /etc/cyrus.conf and added the following and restarted cyrus imap:
>
> pop3 cmd="pop3d" listen="pop3" prefork=1
> pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>
> Is this correct?
Yes. This is my config for IMAP and POP3:
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
> 2.-
> I installed Let's Encrypt SSL (cert only) and then I edited /etc/httpd/conf.d/ssl.conf and updated
> SSLCertificateFile
> SSLCertificateKeyFile
> and restarted Apache or httpd. I saw webmail and admin pages with https.....
>
> for Cyrus IMAP I edited /etc/imapd.conf and changed
>
> tls_server_cert: /etc/letsencrypt/live/exmaple.org/fullchain.pem
> tls_server_key: /etc/letsencrypt/live/example.org/privkey.pem
Do I understand correctly that cyrus-imapd doesn't start at all?
A common problem is that the user ID which is running Cyrus doesn't have
rights for the certificates.
adduser cyrus ssl-cert
should be sufficient if the certs are readable by the group ssl-cert.
> restarted Cyrus or the VM but it did not work, maybe it is an issue of permissions.
It doesn't restart? Or it doesn't have the expected effect?
In the first case:
What is the error message in /var/log/mail (or the respective logfile
on CentOS)?
In the second case:
check with
netstat -tln whether the pop3 ports are listening
> 3.- Apart from above it seems that there are a few additional steps for caldav/carddav for SSL and roundcube webmail.
Yes, but this is stuff for the web server (Apache or nginx). If you know
how to enable SSL in a web server config, this should be straightforward.
Best regards.
Jan
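
The certificate-permission check discussed in this message, as an added example that is not part of the original post: it reads the tls_server_cert and tls_server_key paths from imapd.conf text and reports the first directory or file that a given uid and group set cannot traverse or read, following the live/ symlinks to their targets. The function names, the `top` parameter and the sample config are assumptions made for illustration.

```python
import os

TLS_OPTIONS = ("tls_server_cert", "tls_server_key")
# Constructed sample; the paths follow the layout quoted in the thread.
SAMPLE_CONF = """tls_server_cert: /etc/letsencrypt/live/example.org/fullchain.pem
tls_server_key: /etc/letsencrypt/live/example.org/privkey.pem
"""

def tls_paths(conf_text):
    """Return {option: path} for the TLS file options in imapd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip() in TLS_OPTIONS:
            found[key.strip()] = value.strip()
    return found

def _has(st, uid, gids, need):
    """Owner/group/other check on mode bits; root passes, ACLs are ignored."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return uid == 0 or (st.st_mode >> shift) & need == need

def _dirs(path, top):
    """Directories from `top` down to the parent of `path`."""
    out, d = [], os.path.dirname(path)
    while os.path.commonpath([d, top]) == top:
        out.append(d)
        if d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    return out[::-1]

def blocker(path, uid, gids, top="/"):
    """Return None if uid/gids can read `path`, else the first obstacle."""
    path = os.path.abspath(path)
    real = os.path.realpath(path)  # live/*.pem are symlinks into archive/
    if not os.path.isfile(real):
        return f"{path}: not found"
    # Both the directories holding the symlink and those holding its
    # target must be searchable, so walk both chains.
    for d in _dirs(path, top) + _dirs(real, top):
        if not _has(os.stat(d), uid, gids, 1):
            return f"{d}: no search (x) permission"
    if not _has(os.stat(real), uid, gids, 4):
        return f"{real}: no read (r) permission"
    return None
```

On a live host, take the uid and group ids from `id cyrus` and pass each path returned by `tls_paths` for the contents of /etc/imapd.conf to `blocker`.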