K-9 Mail fails to connect to Kolab server

  • I have a clean installation of Kolab and wanted to sync my Android phone with Kolab by now.
    On my server Cyrus already generated some SSL certificates in /etc/ssl/ so I've kept them.

    When I set up K-9 Mail with IMAP, it is aware of the server configuration. It recommends using the following settings:
    Server: imap.example.com
    Encryption: SSL/TLS
    Port: 993
    Username: user@example.com
    Authentication type: Password, default

    After continuing, the app tells me that there is a invalid certificate with a longer error message, which I try to accept instead of declining it. Afterwards I retrieve the information that either the username or the password is wrong (both should be correct). Of course I am not able to retrieve my emails.

    Now I am unsure if I have to setup another SSL certificate, or making customizations to my DNS entries. I do not know why the ports and the encryption type differs from the way it was shown on the documentary (I already tried these settings as well). What is your recommendation? How did you set it up correctly?

  • It would help to have the "longer error message".

    The certificate might be considered invalid by K-9 Mail, because it is self signed.

    Another issue I had recently was because the certificate chain was missing, but that was with a bought certificate.

    You can use a free letsencrypt certificate as well.

    Another issue could be guam, if you have not disabled it. Then your client would connect on port 993 to guam, and you need to configure that properly as well with the certificate. see https://kolab.org/hub/topic/129/cyrus-tls-certs-in-kolab-16

  • Here is the beginning of the error message:
    java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.)

    The error message is the same, after changing /etc/imapd.conf and /etc/guam/sys.config to use the LetsEncrypt certificate. Probably I have to extend the certificate for the subdomains imap.example.com and smtp.example.com, instead of just using kolab.example.com?

    And is it recommended to disable guam? Disabling would be using "service guam stop" and "sysctl disable guam"?

  • After I added the smtp and imap subdomain, K9-Mail finally accepts the certificate. But the issue is not yet solved.

    Once I switched the encryption type to STARTTLS in K9-Mail, it changes the port to 143. (exactly the same settings are mentioned in the Kolab documentary.) After submitting these information, and opening the next page it tells me the following pop up message: "Cannot connect to host."

    My firewall settings are flushed, so this must be caused my a wrong configuration of one of the kolab services..

  • @timotheus UPDATE: I noticed that the LetsEncrypt TLS/SSL files were symbolic links (with a relative file path). This caused some problems, but now IMAP is partially working. Some ports are still not working:

    IMAP Ports:
    -143 + STARTTLS -> Not working
    -993 + SSL/TLS -> Working

    SMTP Ports:
    -465 + SSL/TLS -> Not Working
    -587 + STARTTLS -> Working

    How can I fix Port 143 and 465? What am I missing? And still I am unsure why ActiveSync my the preinstalled E-Mail Application on Android is not working.

Log in to reply