Install Kolab Mail Server on Ubuntu

This post will show you how to install Kolab mail server on ubuntu 14.04, in this example on a DigitalOcean VPS.  Kolab’s recipient policy will be removed because I do not need guaranteed unique email addresses, secondary alias addresses setup etc. DKIM is another important factor when configuring a mail server as it allows other mail servers to validate the authenticity of you emails. There are many useful plugins available for roundcube such as integration with Google Authenticator app. For sources see the reference section at the end.

Install Kolab

The first step is to install Kolab on the VPS. Add the following to /etc/apt/sources.list.d/kolab.list using nano or similar.

We need to import the authentication key to validate the packages. Run these commands.

To make sure the Ubuntu server priorities the packages from the Kolab repository we need to create a preferences file. Create and put the following in /etc/apt/preferences.d/kolab:

Setup Kolab

Before running the setup tool the server MUST have its FQDN (Fully Qualified Domain Name) configured. To check run cat /etc/hosts

Also run cat /etc/hostname which should show:

Now we need to configure the Kolab server which is surprisingly easy because we can use the provided setup tool. Run the following command:

This will launch a command line wizard asking some questions. You can either accept the generated answer in the square brackets by pressing enter or type in your own. Below are examples of the questions in order, when running the command an explanation of parameter is provided.

Please choose the system user and group the service should use to run under.
These should be existing, unprivileged, local system POSIX accounts with no
shell.

Remove Kolab Recipient Policy

Kolab has a recipient policy designed to generate the primary and secondary email addresses of the users based on their first and last names, this would obviously be useful in an enterprise environment however within a personal or small business environment then it could become annoying. Kolab does allow the creation of more alias addresses but the user would have 3 generated already. I wanted to specify my own primary email address and create as many or as little aliases as I wanted.

Firstly edit this file: /etc/kolab/kolab.conf

Remove these lines from around line 8:

Right at the bottom of the file is a section with your domain name:

Then restart the service:

Now we need to copy a template file, modify it and then run the file to modify the current Kolab installation. This can be a bit tricky to remove exactly the right things, I have missed one line and then could not add more than one alias address as the plus button had been removed.
Run this command to copy the template file.

Move to the directory with the cd command and unzip the file with:

Edit the PHP Template file

Edit these lines as directed:

It should like:

Now further down the file we need to add some extra lines:

Save the file and then check for syntax errors:

Apply the changes to the Kolab installation:

Access Kolab Webmail top level domain

The default behaviour of Kolab is to provide the webmail access at mail.example.com/webmail or mail.example.com/roundcubemail which I don’t want. To access webmail at mail.example.com then it is a simple edit of the apache2 site configuration.

Edit /etc/apache2/sites-enabled/roundcubemail.conf

Find the following lines:

Replace the above lines with this one. Basically we are removing the /roundcubemail or /webmail of the above lines.

Restart Apache2:

I would like to change the default /kolab-webadmin to just admin but when I tried the same approach I got errors after logging in so I might come back to that at a later date.

Postgrey/Virus/Spam

Post grey is a very useful way of stopping spam emails. Here is a good explanation of Greylisting from Kolab Blog.

Stopping spam before it enters the queue is a good thing. One way to achieve this is Greylisting: Reject a triplet (sending host, sender address, recipient address) on the first deliver attempt with a temporary error (450 4.2.0 <tobias@tobrunet.ch>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/tobrunet.ch.html) and save this triplet. On the second delivery attempt check the triplet against the database and if it matches, allow this message to be delivered. This stops many spam senders because they only try it once. A correctly configured MTA tries it again after a few minutes and the mail is delivered.”

Enable postgrey by editing the /etc/postfix/main.cf file:

Enable Anti-Virus and SpamAssassin

Edit /etc/amavis/conf.d/15-content_filter_mode

Un-comment the appropriate lines in the above file to enable anti-virus/spam checking.

Add the users to the correct groups:


Please note that the clamav daemon uses around 200MB for each instance and won’t run on a VPS with less than 1Gb and on a 1GB needs a swap partition to be able to restart the service.
Shows the ClamAV memory usage running on a Kolab mail server installation.
Shows the ClamAV memory usage

Create SWAP File

We are using a VPS from DigitalOcean and this does not have a swap partition assigned to it however we can just create a swap file instead, as DigitalOcean use SSDs for their storage then the swap file is pretty quick.

Create a file called swapfile in the root file system.

Check to see if the file has been created.

Set the correct permissions.

Format it as a SWAP type.

Activate the SWAP file so it is used as SWAP, you should see SWAP available in htop after running this command.

Edit the Fstab to enable the swap partition on boot.

Now clamav will restart correctly because it can allocate the memory.

POODLE Attack Revealed, Disable SSLv3

Information from BetterCrypto.

Edit the Postfix Main.cf

Change the TLS section to:

Edit the /etc/cyrus.conf

If you don’t need or use Pop3 then it may as well be disabled.

Edit /etc/imapd.conf

Configure DNS/SPF (Important for a trusted mail server)

Please look at this post about DNS configuration.

Adding Plugins to Roundcube

Adding plugins is quite simple. Please do not confuse myRoundcube with roundcube as these are not the official plugins, they are modified versions that require the use of their plugin manager and they also charge for some of the plus versions of plugins. This is not to say do not use them as many people do but I prefer not to be forced to use a tool just to install and get the plugins.

On roundcubes official wiki they mention the main.inc.php file but in the Kolab install it is /usr/share/roundcubemail/config/config.inc.php instead.

My favourite plugins so far are: markasjunk2 , serverinfo and twofactor_gauthenticator.

The way to install a plugin is to copy the plugin the correct directory and then enable it in the plugin array. You don’t even need to restart any services, just refresh the page. The links above have instructions on installation but I will go through install the serverinfo plugin. This plugin adds useful information to your settings page such as port numbers etc.

Download the zip/tar file to a directory on the server using wget.

Unzip the file:

Copy the folder to the plugin directory:

Edit this file /usr/share/roundcubemail/config/config.inc.php and find the plugin section. I have removed most from this list as it is a little long and not necessary to show the whole list.

I have added the plugin serverinfo. Generally the plugin name is the name of folder copied. Please note, When downloading some of the plugins from Github the folder normally needs to be renamed as per the instructions.

Now the plugin is enabled.

References

Kolab Installation Guide | Kolab.org

Kolab Anti Spam | Kolob Blog

Roundcube Plugin Repository | Roundcube.net

Arch Swap File | Arch Wiki

Mail Tester

DKIM Take up Experiment

DKIM Configuration | Exratione

 

Please share 🙂
  • Pingback: Kolab 3.3 Groupware Server on Ubuntu 14.04 | The Finance Tutor – FREE Online tutorials for ACCA and CIMA()

  • Michael

    Hey, thanks a lot for your interesting blog post. I also installed Kolab 3.3 on Ubuntu 14.04 and it seems to work well, but the syncroton. I got “PHP Fatal error: Class ‘Zend_Log’ not found in /usr/share/kolab-syncroton/lib/kolab_sync_logger.php on line 29” on access the active-sync interface. How about you? Does it work at your system?

    • Hello, Thank you and yes I did get this error, I obviously forgot to add it to the post. Navigating to https://myserver/Microsoft-Server-ActiveSync delivers a blank page without requesting authentication and Apache2 errors with:

      PHP Fatal error: Class ‘Zend_Log’ not found in /usr/share/kolab-syncroton/lib/kolab_sync_logger.php on line 29

      To resolve this:

      Edit this file: /usr/share/kolab-syncroton/lib/init.php

      Add this to the file:

      $include_path .= ‘/usr/share/php/libzend-framework-php’ . PATH_SEPARATOR;

      Hope this helps, I will update the post soon.

  • r.t.a.

    Great guide! I’m just wondering, did you succeed in setting up the twofactor_gauthenticator on your kolab server? I’ve installed the plugin, but it doesn’t show up anywhere after logging in to roundcube, and I can’t figure out why!

  • Rolando Rangel-Palm

    I had exactly the same problem with the synchrotron url on Ubuntu 14.04. After that I tried installing Kolab on Deb7 and it worked fine. However, it installed Apache 2.2 instead of 2.4. I feel that the Deb7 install is more stable. Do you think Ubuntu is better?

  • Martin Jørgensen

    Great article!

    I had kolab up and running and working fine, but i would love to change this part “Remove kolab recipent policy”
    so i did follow the article, but now i cant login in as admin on /kolab-webadmin

    I use the cn=Directory Manager and the password i used to, i also checked the kolab.conf file, and its says the same. Are there any way that i can get my admin login back? Dont really wont to redeploy…

    Thanks in advance

    Martin Jørgensen Danmark

  • Ashok Kumar J

    You just remove secondary_mail column. Don’t remove primary_mail, it is needed in kolab_webadmin dash board. thats why u r facing the problem.

  • Sorry I haven’t replied to any messages, I haven’t had any notifications and have not looked at wordpress for a little while due to other commitments.
    Thanks for all the comments though 🙂

  • emi a

    Hi all,

    Thanks for the post: very useful.

    I also had the “Class ‘Zend_Log’ not found” error and corrected it. Now, I have a similar error at ‘/var/log/kolab-syncroton/errors’:
    PHP Fatal error: Class ‘Net_LDAP3’ not found in /usr/share/roundcubemail/program/lib/Roundcube/rcube_ldap_generic.php on line 31

    I have searched for this at pear with no luck. Finally, I found the class is defined at /usr/share/php/Net/LDAP3.php , but somehow it’s not beeing included/required into PHP. Any clue on this?