Kolab2 Maintenance and Use

From Kolab wiki

Contents 1 General Documentation 2 Shared Folders 3 Distribution Lists 4 Configure kolab's Openldap for binding on specials IP address 5 SMTP SASL Authentication 6 Install a SSL Certificate

General Documentation

There are currently OpenOffice.org documents available in the kolab cvs:

Server Admin Tools (Review about the Kolab server administration tools – Links and tips doc5.sxw)

• Backups for kolab2 - Hints for how to back up your kolab2 server
• Fighting spam - Minimising spam to your kolab2 server
• Antivirus and content checking - The antivirus and content checking tools available with kolab2
• IMAP mailbox maintenance - Tips for maintaining and monitoring mailboxes
• Goodies - Useful scripts and other "goodies" for kolab2 server
• Multiple Domains - Ways to use multiple domains in Kolab

Shared Folders

Shared Folders can be useful for groups. Instead of adding and removing people from a group, let them subscribe or unsubscribe themselves from a shared folder. Add the shared folder in the web interface and set the permissions for it. You can allow/disallow read/write access to users/groups or just anybody. You may also send mail to the folder directly. Read more about the details of Shared folders.

Distribution Lists

These are another way to distribute mail to multiple users. To add external addresses to the DL, they must first be added to the address book, then added to the DL.

Configure kolab's Openldap for binding on specials IP address

Openldap from kolab installations by default bind on all avaiable IP address. If you want run another ldap server you must set slapd daemon for using only special ipaddress/port.

Example (on debian sarge): 127.0.0.1 and 192.168.0.1 we want run slapd from kolab tree 127.0.0.3 and 192.168.0.3 slapd from official debian package We setup the machine for additional IP with ifconfig

Stop all slapd server.

After, for debian package, edit "/etc/default/slapd" and add

SLAPD_SERVICES="ldap://127.0.0.3:389/ ldap://192.168.0.1:389/"

for kolab'slapd edit /kolab/etc/rc.conf with:

openldap_url="ldap://127.0.0.1:389 ldap://192.168.0.3:389 ldaps://"

Now you can start 2 openldap server with one machine

Now you must set the client... For kolab nothing, but for debian edit /etc/ldap/ldap.conf, /etc/libnss-ldap.conf, /etc/pam_ldap.conf and others and set:

URI     ldap://127.0.0.3/

This is useful for test.

SMTP SASL Authentication

ISPs usually try to avoid that their smtp server becomes an open relay. Thus, they either only open it up for their customers IP ranges or they require authentication. This describes how to do it (verified with smtp server from 1&1).

• enter your providers smtp server via the kolab webinterface, e.g. smtp.provider.com
• ssh into your kolab machine and become root
• point your favorite editor to /kolab/etc/kolab/templates/main.cf.template
• Add the following code to the end of the file:

# For auth. sending via provider
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/kolab/etc/postfix/sasl_passwd
#smtp_use_tls = yes # activate this if you use tls

• create a file /kolab/etc/postfix/sasl_passwd and add the following line:

smtp.provider.com    accountname:password

• replace accountname and password with your ISP's data.
• run /kolab/sbin/postmap /kolab/etc/postfix/sasl_passwd
• run /kolab/sbin/kolabconf
• restart kolab's postfix.

You should now be able to send mails to the internet via your ISP's smtp server.

See also: http://www.postfix.org/postconf.5.html#smtp_sasl_password_maps

Install a SSL Certificate

The installation routine of Kolab offers you to create a CA and a certificate. You should do this unless you know very well about CAs and certificates.

Once you ran the bootstrapping you will be able to recreate the certificate if you really need to by running

/kolab/etc/kolab/kolab_sslcert.sh

However, these are a self-signed certificate that you may want to exchange with another certificate as part of your PKI maintained by a real trust center.

A simple approach for this is to generate a new certificate request and a private certificate key. Copy the private key to the correct location like this:

cp key.pem /kolab/etc/kolab/key.pem

Now submit your certificate request to your trust center and ask them to create a certificate. Let's assume they will send you back the file 'cert.pem'. Then install it like this

cp cert.pem /kolab/etc/kolab/cert.pem

You don't need a backup of the old cert.pem. However a copy is present as /kolab/etc/kolab/ca/newcerts/01.pem.

Finally you should restart all services that use the SSL certificate

/kolab/bin/openpkg rc all stop
/kolab/bin/openpkg rc all start