Install Kolab Mail Server on Ubuntu

This post will show you how to install Kolab mail server on ubuntu 14.04, in this example on a DigitalOcean VPS.  Kolab’s recipient policy will be removed because I do not need guaranteed unique email addresses, secondary alias addresses setup etc. DKIM is another important factor when configuring a mail server as it allows other mail servers to validate the authenticity of you emails. There are many useful plugins available for roundcube such as integration with Google Authenticator app. For sources see the reference section at the end.

Install Kolab

The first step is to install Kolab on the VPS. Add the following to /etc/apt/sources.list.d/kolab.list using nano or similar.

We need to import the authentication key to validate the packages. Run these commands.

To make sure the Ubuntu server priorities the packages from the Kolab repository we need to create a preferences file. Create and put the following in /etc/apt/preferences.d/kolab:

Setup Kolab

Before running the setup tool the server MUST have its FQDN (Fully Qualified Domain Name) configured. To check run cat /etc/hosts

Also run cat /etc/hostname which should show:

Now we need to configure the Kolab server which is surprisingly easy because we can use the provided setup tool. Run the following command:

This will launch a command line wizard asking some questions. You can either accept the generated answer in the square brackets by pressing enter or type in your own. Below are examples of the questions in order, when running the command an explanation of parameter is provided.

Please choose the system user and group the service should use to run under.
These should be existing, unprivileged, local system POSIX accounts with no

Remove Kolab Recipient Policy

Kolab has a recipient policy designed to generate the primary and secondary email addresses of the users based on their first and last names, this would obviously be useful in an enterprise environment however within a personal or small business environment then it could become annoying. Kolab does allow the creation of more alias addresses but the user would have 3 generated already. I wanted to specify my own primary email address and create as many or as little aliases as I wanted.

Firstly edit this file: /etc/kolab/kolab.conf

Remove these lines from around line 8:

Right at the bottom of the file is a section with your domain name:

Then restart the service:

Now we need to copy a template file, modify it and then run the file to modify the current Kolab installation. This can be a bit tricky to remove exactly the right things, I have missed one line and then could not add more than one alias address as the plus button had been removed.
Run this command to copy the template file.

Move to the directory with the cd command and unzip the file with:

Edit the PHP Template file

Edit these lines as directed:

It should like:

Now further down the file we need to add some extra lines:

Save the file and then check for syntax errors:

Apply the changes to the Kolab installation:

Access Kolab Webmail top level domain

The default behaviour of Kolab is to provide the webmail access at or which I don’t want. To access webmail at then it is a simple edit of the apache2 site configuration.

Edit /etc/apache2/sites-enabled/roundcubemail.conf

Find the following lines:

Replace the above lines with this one. Basically we are removing the /roundcubemail or /webmail of the above lines.

Restart Apache2:

I would like to change the default /kolab-webadmin to just admin but when I tried the same approach I got errors after logging in so I might come back to that at a later date.


Post grey is a very useful way of stopping spam emails. Here is a good explanation of Greylisting from Kolab Blog.

Stopping spam before it enters the queue is a good thing. One way to achieve this is Greylisting: Reject a triplet (sending host, sender address, recipient address) on the first deliver attempt with a temporary error (450 4.2.0 <>: Recipient address rejected: Greylisted, see and save this triplet. On the second delivery attempt check the triplet against the database and if it matches, allow this message to be delivered. This stops many spam senders because they only try it once. A correctly configured MTA tries it again after a few minutes and the mail is delivered.”

Enable postgrey by editing the /etc/postfix/ file:

Enable Anti-Virus and SpamAssassin

Edit /etc/amavis/conf.d/15-content_filter_mode

Un-comment the appropriate lines in the above file to enable anti-virus/spam checking.

Add the users to the correct groups:

Please note that the clamav daemon uses around 200MB for each instance and won’t run on a VPS with less than 1Gb and on a 1GB needs a swap partition to be able to restart the service.

Shows the ClamAV memory usage running on a Kolab mail server installation.
Shows the ClamAV memory usage

Create SWAP File

We are using a VPS from DigitalOcean and this does not have a swap partition assigned to it however we can just create a swap file instead, as DigitalOcean use SSDs for their storage then the swap file is pretty quick.

Create a file called swapfile in the root file system.

Check to see if the file has been created.

Set the correct permissions.

Format it as a SWAP type.

Activate the SWAP file so it is used as SWAP, you should see SWAP available in htop after running this command.

Edit the Fstab to enable the swap partition on boot.

Now clamav will restart correctly because it can allocate the memory.

POODLE Attack Revealed, Disable SSLv3

Information from BetterCrypto.

Edit the Postfix

Change the TLS section to:

Edit the /etc/cyrus.conf

If you don’t need or use Pop3 then it may as well be disabled.

Edit /etc/imapd.conf

Configure DNS/SPF (Important for a trusted mail server)

Please look at this post about DNS configuration.

Adding Plugins to Roundcube

Adding plugins is quite simple. Please do not confuse myRoundcube with roundcube as these are not the official plugins, they are modified versions that require the use of their plugin manager and they also charge for some of the plus versions of plugins. This is not to say do not use them as many people do but I prefer not to be forced to use a tool just to install and get the plugins.

On roundcubes official wiki they mention the file but in the Kolab install it is /usr/share/roundcubemail/config/ instead.

My favourite plugins so far are: markasjunk2 , serverinfo and twofactor_gauthenticator.

The way to install a plugin is to copy the plugin the correct directory and then enable it in the plugin array. You don’t even need to restart any services, just refresh the page. The links above have instructions on installation but I will go through install the serverinfo plugin. This plugin adds useful information to your settings page such as port numbers etc.

Download the zip/tar file to a directory on the server using wget.

Unzip the file:

Copy the folder to the plugin directory:

Edit this file /usr/share/roundcubemail/config/ and find the plugin section. I have removed most from this list as it is a little long and not necessary to show the whole list.

I have added the plugin serverinfo. Generally the plugin name is the name of folder copied. Please note, When downloading some of the plugins from Github the folder normally needs to be renamed as per the instructions.

Now the plugin is enabled.


Kolab Installation Guide |

Kolab Anti Spam | Kolob Blog

Roundcube Plugin Repository |

Arch Swap File | Arch Wiki

Mail Tester

DKIM Take up Experiment

DKIM Configuration | Exratione