Kolab2 Maintenance and Use
From Kolab Wiki
There are currently OpenOffice.org documents available in the kolab cvs:
Server Admin Tools (Review about the Kolab server administration tools – Links and tips doc5.sxw)
- Backups for kolab2 - Hints for how to back up your kolab2 server
- Fighting spam - Minimising spam to your kolab2 server
- Antivirus and content checking - The antivirus and content checking tools available with kolab2
- IMAP mailbox maintenance - Tips for maintaining and monitoring mailboxes
- Goodies - Useful scripts and other "goodies" for kolab2 server
- Multiple Domains - Ways to use multiple domains in Kolab
Shared Folders can be useful for groups. Instead of adding and removing people from a group, let them subscribe or unsubscribe themselves from a shared folder. Add the shared folder in the web interface and set the permissions for it. You can allow/disallow read/write access to users/groups or just anybody. You may also send mail to the folder directly. Read more about the details of Shared folders.
These are another way to distribute mail to multiple users. To add external addresses to the DL, they must first be added to the address book, then added to the DL.
Configure kolab's Openldap for binding on specials IP address
Openldap from kolab installations by default bind on all avaiable IP address. If you want run another ldap server you must set slapd daemon for using only special ipaddress/port.
Example (on debian sarge): 127.0.0.1 and 192.168.0.1 we want run slapd from kolab tree 127.0.0.3 and 192.168.0.3 slapd from official debian package We setup the machine for additional IP with ifconfig
Stop all slapd server.
After, for debian package, edit "/etc/default/slapd" and add
for kolab'slapd edit /kolab/etc/rc.conf with:
openldap_url="ldap://127.0.0.1:389 ldap://192.168.0.3:389 ldaps://"
Now you can start 2 openldap server with one machine
Now you must set the client... For kolab nothing, but for debian edit /etc/ldap/ldap.conf, /etc/libnss-ldap.conf, /etc/pam_ldap.conf and others and set:
This is useful for test.
SMTP SASL Authentication
ISPs usually try to avoid that their smtp server becomes an open relay. Thus, they either only open it up for their customers IP ranges or they require authentication. This describes how to do it (verified with smtp server from 1&1).
- enter your providers smtp server via the kolab webinterface, e.g. smtp.provider.com
- ssh into your kolab machine and become root
- point your favorite editor to /kolab/etc/kolab/templates/main.cf.template
- Add the following code to the end of the file:
# For auth. sending via provider smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/kolab/etc/postfix/sasl_passwd #smtp_use_tls = yes # activate this if you use tls
- create a file /kolab/etc/postfix/sasl_passwd and add the following line:
- replace accountname and password with your ISP's data.
- Keep the file secure from unwanted eyes running:
chown root:root /kolab/etc/postfix/sasl_passwd chmod 600 /kolab/etc/postfix/sasl_passwd
- run /kolab/sbin/postmap /kolab/etc/postfix/sasl_passwd
- run /kolab/sbin/kolabconf
- restart kolab's postfix (for example, with /kolab/etc/rc postfix restart" )
You should now be able to send mails to the internet via your ISP's smtp server.
Install a SSL Certificate
The installation routine of Kolab offers you to create a CA and a certificate. You should do this unless you know very well about CAs and certificates.
Once you ran the bootstrapping you will be able to recreate the certificate if you really need to by running
However, these are a self-signed certificate that you may want to exchange with another certificate as part of your PKI maintained by a real trust center.
A simple approach for this is to generate a new certificate request and a private certificate key. Copy the private key to the correct location like this:
cp key.pem /kolab/etc/kolab/key.pem
Now submit your certificate request to your trust center and ask them to create a certificate. Let's assume they will send you back the file 'cert.pem'. Then install it like this
cp cert.pem /kolab/etc/kolab/cert.pem
You don't need a backup of the old cert.pem. However a copy is present as /kolab/etc/kolab/ca/newcerts/01.pem.
Finally you should restart all services that use the SSL certificate
/kolab/bin/openpkg rc all stop /kolab/bin/openpkg rc all start