You have installed Kolab 16 on CentOS7 and you now want to secure it with SSL/TLS. This article describes how to do that with Let’s Encrypt.
Category Archives: Documentation
Enabling ActiveSync (EAS) Support in Outlook
In Outlook 2016/365 ActiveSync support is not enabled by default. While it is still possible to use the manual setup procedure through the Windows Control Panel, unfortunately auto-discovery does not work in this case.
Alternatively it is possible to enable ActiveSync support in Outlook by creating a registry key as follows (source):
- Close all Office applications.
- Start Registry Editor (regedit.exe).
- Locate and then select the following key:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Setup\ - On the Edit menu, point to New, and then click DWORD Value.
- Type EnableEASAccountCreation, and then press Enter.
- In the Details pane, right-click EnableEASAccountCreation, and then click Modify.
- In the Value data box, type 1 to enable, or 0 to disable EAS account creation, and then click OK.
- Exit Registry Editor.
You can now create ActiveSync accounts using the regular account creation wizard in Outlook by selecting Exchange ActiveSync as account type.
Automatic Email Signatures
In a time when email addresses did not always make sense, email signatures served the purpose of identifying the author to the recipient. As described in RFC1855 (Netiquette), it had to be short and to the point. Evolution has since driven the feature of signatures into new functionality and areas, like marketing and legal recognition. Today many organizations has strict rules for signatures, the content and the format, and some countries demand business mails to have certain text and statements included in the signature.
Kolab has an option to automate this feature, so that organizations can be assured that rules and appliance are followed.
Configuring Syncroton for ActiveSync connections..
It is possible to connect to a kolab 16 server through the ActiveSync protocol. This makes it possible to use the Microsoft Outlook client in the most effective way towards Kolab. Kolab-syncroton, the kolab ActiveSync implementation, is installed together with the default installation.
Integrate Chwala with Seafile on Enterprise Linux 7
Seafile is a GPL v3-licensed software designed to host files privately and securely on servers with access to the Web, in a fashion similar to some popular proprietary solutions. As of Kolab version 16, Chwala, the file storage component of Kolab, can use Seafile as a backend to store files.
This document outlines the steps needed to interface Chwala with Seafile.
Prerequisites
- Kolab Groupware, kolab 16 or later (chwala 0.5.5-4.1 or later)
- Installed on RedHat Enterprise Linux
- Seafile version 4 or later, running on a top level domain (
files.example.comin this guide)
Capturing Debug Logs
This guide outlines various methods to allow Kolab components to log verbosely, for the purpose of troubleshooting.
Configuring Kolab with setup-kolab
After having installed kolab (following the appropriate install guide in this knowledge base) it needs to be configured. The script ‘setup-kolab’ is distributed with the out-of-the-box installation and is taking care of the basic configuration, but a successful configuration is depending on the environment that Kolab is installed into. Many aspects and variables will have an impact on the configuration. This guide is only touching on the absolute basics. For information and assistance with more complex installation scenarios, please contact sales@kolabsystems.com
Client configuration for Plesk Premium Email
Plesk Premium Email is compatible with a variety of desktop and mobile clients.
MacOS clients
To connect your native MacOS clients use the “Internet Accounts” System Preference settings to add the following accounts:
IMAP
- Select Mail under Add Other Account…
- Enter your email address and password
- Add your domain as incoming and outgoing server (e.g. example.com)
- Deselect notes
CalDAV
- Select CalDAV under Add Other Account…
- Select Automatic and enter your email address (e.g. user@example.com) and password.
CardDAV
- Select CardDAV under Add Other Account…“
- Select Automatic and enter your email address (e.g. user@example.com) and password.
Windows 10 Mail
- Select Add Account
- Select Advanced setup
- Select Exchange Active Sync
- Enter your details:
- Your username is the same as the email address
- As Domain use the domain part of your email address
- As Server use the domain part of your email address
- Enable SSL
Outlook 365
- Click the Start button and type in “control panel” in the bottom search line. This opens the Control Panel
- Select User Accounts
- Selecting Mail (Microsoft Outlook 2016)(32-bit) will open the Email Account Configuration window.
- Select Email accounts (Setup email accounts and directories)
- Select New to add a new account to the list of existing accounts.
- Select Manual Setup or additional server types. Choose [Next>]
- Select to connect via Exchange ActiveSync. Choose [Next>]
- Now enter your details:
- Your username is the same as the email address
- As Mail server use the domain part of your email address
Thunderbird
- Enter your email address and password and click continue
- Select manual configuration and edit your details:
- Use example.com as incoming and outgoing server hostname
- For incoming use SSL over port 993 and normal password
- For outgoing use SSL over port 465 and normal password
- Use your full email address ad username for incoming and outgoing
CalDAV
- Login to webmail and select Show calendar URL from the menu.
- Copy the second url for read and write access to the calendar.
- Select New Calendar in Lightning, select On the Network as location, and paste the previous url while selecting the CalDAV format
Android
Use the Exchange account with the default Android applications. All you need is your email address and password.
Should you want to use other applications, please refer to the generic settings below.
Generic Settings
As long as your client application is following the standards, it can be used to connect to Plesk Premium Mail. Below is an overview of the various protocols we support along with the settings you need to enter in your client.
IMAP Settings
- Incoming server (IMAP): example.com
- Port/Security: 993 + TLS
- Authentication: Encrypted Password
- Username: user@example.com
Please use your full and primary email address as username here.
SMTP Settings
- Outgoing server (SMTP): example.com
- Port/Security: 465 + TLS
- Authentication: Encrypted Password
- Username: user@example.com
Please use your full and primary email address as username here.
CardDAV and CalDAV Settings
Please point your CalDAV and CardDAV capable client to these addresses:
For CalDAV: https://example.comor if that did not work: https://webmail.example.com/iRony/calendars/user%40example.com
For CardDAV: https://example.com or if that did not work: https://webmail.example.com/iRony/addressbooks/user%40example.com
When using the alternative address, please make sure to replace the last part (user@example.com and domain) with your actual username or switch to a client that is able to auto-discover the correct addresses based on the short address
ActiveSync/Exchange
Plesk Premium Mail also supports the proprietary ActiveSync protocol (often labelled Exchange in clients). In order to connect your client via this protocol, please use the following server address:
example.com
Plesk Premium Email Troubleshooting
Webmail does not redirect to HTTPS
Your clients should always use https to connect to webmail, to avoid being vulnerable to attacks. A good method to ensure this is the case is to redirect from non-https to https.
To enable the https redirect got to the hosting settings of your domain and enable “Permanent SEO-safe 301 redirect from HTTP to HTTPS”.
No DNS entry for the webmail url
Plesk Premium Email must be able to resolve the webmail url to the same system it is running on.
Can’t connect to webmail using HTTPS
This indicates that you system does not support https. Ensure your system is properly secured with a suitable certificate (e.g. from Let’s Encrypt).
The domain is configured to use Horde instead of Roundcube
Plesk Premium Email relies on Roundcube being configured for the domain. If this is not the case the webmail will not be available.
To fix this go to the “Mail Settings” of this domain and select “Roundcube” as webmail.
Webmail could not be found
Plesk Premium Email relies on Roundcube being configured for the domain. If this is not the case webmail will not be available.
To fix this go to the “Mail Settings” of this domain and select “Roundcube” as webmail.
Preferred domain redirects are not supported and will break various features
Preferred domain redirects (e.g. “example.com” -> “www.example.com”) are currently not supported and will break various features, including seafile integration, activesync and collabora integration.
To disable the redirect got to the hosting settings of your domain and enable select “None” as “Preferred domain”.
Upgrading from Kolab 3.4 to Kolab 16
The purpose of this guide is, to describe the procedure of upgrading a Kolab Goupware installation from a default installed Kolab 3.4 (last “community version”) to Kolab 16. The guide is not taking into consideration any customized configuration. neither is it considering installations of Kolab 3.4 on CentOS 6, which is not supported for Kolab 16.
Upgrading Kolab
Install the Kolab Groupware repository configuration:
# cd /etc/yum.repos.d/
# wget http://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/Kolab:16.repo
Remove the existing Kolab 3.4 repositories:
# rm Kolab\:3.4.repo
# rm Kolab\:3.4\:Updates.repo
Make sure that the packages from the Kolab repositories have a higher priority than e.g. the EPEL packages:
# for f in /etc/yum.repos.d/Kolab*.repo; do echo "priority = 60" >> $f; done
Replace php-mysql with php-mysqlnd:
# yum shell
> remove php-mysql
> install php-mysqlnd
> run
(Confirm as requested)
> exit
Update all:
# yum -y update
Note
During the cleanup, you might see the message:
/var/tmp/rpm-tmp.TUmak9: line 1: fg: no job control
Cleanup : cyrus-imapd-2.5-108.3.el7.kolab_3.4.x86_64 347/404
/var/tmp/rpm-tmp.K51Mal: line 2: fg: no job control
warning: %postun(cyrus-imapd-2.5-108.3.el7.kolab_3.4.x86_64) scriptlet failed, exit status 1
Non-fatal POSTUN scriptlet failure in rpm package cyrus-imapd-2.5-108.3.el7.kolab_3.4.x86_64
This is a warning, and the Cyrus-imapd package will be updated. This can be checked after the update with the command:
# rpm -qv cyrus-imapd
Drop the policy_result table from MySQL.
Updating the Configuration
After upgrading the packages to Kolab 16 repository, the configuration needs to be updated.
Configure the new module “Guam”:
# setup-kolab guam
Warning
If the Kolab 3.4 installation was a standard installation with no changes to the defaults, then the following 2 commands can be run at no risk (The correct password for the current roundcube database user is still needed for verification).
However, if changes were made to the defaults, the original configuration should be copied off for later compare with the newly written configuration.
Update the roundcube configuration:
As setup-kolab is unable to write to the already existing mysql database, an error message will show:
ERROR 1007 (HY000) at line 1: Can’t create database ’roundcube’; database exists
ERROR 1050 (42S01) at line 8: Table ‘session’ already exists
The new and updated config file will however be written and the appropriate services be restarted.
The correct password for the current roundcube database user is still needed for verification.
# setup-kolab roundcube
Update the imap configuration:
# setup-kolab imap